Disclosure: The Points Pundit retains 100% editorial control and receives NO compensation from affiliate partnerships for the content on this blog. Support the blog by applying for a card through my personal referral links, at no extra cost to you.

 

Miles and points aficionados love getting the latest and the best sign-up bonuses to kickstart our travel plans. When we apply for a credit card, we give up a lot of personal information. We enter vital information right from our income, social security number and address. Banks have made credit card applications available online in order to simplify the credit card application process. However, we still face security risks. A phishing attack was recently targeted at American Express customers.

Phishing

For those who may be unfamiliar, TechTarget defines phishing as follows:

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.

Most Recent Attack

The most recent phishing attack targeted both consumer and corporate cardholders. Not surprisingly, the email is poorly worded and contains grammatical errors.

Image courtesy cofense.com

Like most phishing scams, this email looks to also create a sense of urgency. The customer here is made to click on the link which ends up being the initial trap for the phishing scam. The attacker then urges the victim to click on this link in order to set things right:

h**ps://www.americanexpress[.]com/cardmembersvcs/app/signin/Update/Verification

Fake American Express Page

Once the victim clicks on the link, he’s taken to the fake Amex page set up by the attacker. This page is nothing but a copy of the original amex page.

Scam Detection

Thankfully, Microsoft’s Office 365 Advanced Threat Protection detected this scam in an email on a computer that received it.

What you need to do

You can head to this page and submit an email to spoof@americanexpress.com. American Express advises that you not click on links in emails you find suspicious and delete them immediately from your inbox.

The Pundit’s Mantra

Cofense hasn’t yet published any data about how many customers were affected before the email was detected. However, it’s up to us as customers to remain vigilant.

If your financial institution sends you an email, then please review it carefully. Secondly, look out for grammatical errors or garbled images. These are usually clear signs of something being amiss. Also, check your bank and credit card accounts frequently in order to monitor activity. Set alerts on your mobile phone and email in order to track your transactions.

Never miss out on the best miles/points deals. Like us on Facebook ,follow us on Instagram and Twitter to keep getting the latest content!

H/T: Cofense.com