Bogus AmEx notification leads to thorough phishing
Posted on 24 July 2013.
American Express-themed phishing emails are never out of circulation, but it pays to know which new (or recycled) angle is being used at the moment.

The latest one to hit inboxes is a bogus "America Express Online Security Service Notification", which urges users to follow the offered link and verify their access to their online banking account, because "failure to adhere may affect your online banking access in the future."

The link will take potential victims to a page sporting the AmEx logo and a form into which they are expected to enter their name, date of birth, address, card number, expiration date, PIN and CSC number, their AmEx user ID and password, and their email address and associated password:

All this information is more than enough for the scammers to be able to empty the victims' bank account, hijack their email account, and impersonate them in other ways.

"American Express would never send an unsolicited email asking customers to click a link to update account details. And, genuine American Express emails will always greet customers by their names. It will never use generic greetings such as 'Dear Customer'," points out Hoax-Slayer. "It is always safest to access all of your online accounts by typing the account address into your browser's address bar rather than by clicking an email link.


Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 24th