Bogus AmEx notification leads to thorough phishing
Posted on 24 July 2013.
American Express-themed phishing emails are never out of circulation, but it pays to know which new (or recycled) angle is being used at the moment.

The latest one to hit inboxes is a bogus "America Express Online Security Service Notification", which urges users to follow the offered link and verify their access to their online banking account, because "failure to adhere may affect your online banking access in the future."

The link will take potential victims to a page sporting the AmEx logo and a form into which they are expected to enter their name, date of birth, address, card number, expiration date, PIN and CSC number, their AmEx user ID and password, and their email address and associated password:

All this information is more than enough for the scammers to be able to empty the victims' bank account, hijack their email account, and impersonate them in other ways.

"American Express would never send an unsolicited email asking customers to click a link to update account details. And, genuine American Express emails will always greet customers by their names. It will never use generic greetings such as 'Dear Customer'," points out Hoax-Slayer. "It is always safest to access all of your online accounts by typing the account address into your browser's address bar rather than by clicking an email link.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th