Fake American Express Phishing Email Captures Credentials

American Express is the latest “spoof” in a well-crafted phishing campaign designed to harvest personal identification information and account credentials.

The scheme follows the standard formula of phishing: Recipients receive an email claiming to be from American Express, expressing a sense of urgency regarding their account and requiring a reply.

The message suggests the recipient’s account access will be blocked if they do not complete the attached form regarding an “important membership upgrade.” The form, once completed, secretly transmits form data to the bad actor via a hacked website, while redirecting the recipient to the real American Express page in an attempt to hide its covert activity.

How to Spot This Email Scam

This campaign is well crafted. It uses actual American Express corporate graphics and links that point to legitimate American Express webpages, including one for reporting a security concern or suspicious email.

However, there are still a few tell-tale signs the email is not legitimate that users can look for:

  1. The email doesn’t originate from the American Express domain (americanexpress.com) but is instead sent from “AmericanTechSystems.com.”
  2. The “Friendly From” or display name shows as “American Express”; however, the “Return From” is actually a partially obfuscated address: “dontreply-americanexpservices-.”
  3. The “form” requesting profile information, rather than a link to an American Express web page, is an HTML attachment composed solely of JavaScript code.
  4. The email contains no recipient personalization. American Express — like many other companies — will personally address nearly every email communication by both first and last name, as well as include the last few digits of the user’s credit card number.
  5. The email also contains a number of grammatical errors.

[Image: American Express Important Message Phishing Email]
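
The first four signs above can be checked mechanically. The following is an added example, not SpamStopsHere's filter code: the `BRAND_DOMAINS` map, the flag names, the `recipient_name` parameter and both sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: defender-maintained map of brand names to their real sending domains.
BRAND_DOMAINS = {"american express": {"americanexpress.com"}}

def script_only_html(html):
    """True if the HTML has <script> blocks and no visible text outside them."""
    no_script = re.sub(r"(?is)<script\b.*?</script\s*>", "", html)
    visible = re.sub(r"(?s)<[^>]*>", "", no_script).strip()
    return no_script != html and not visible

def red_flags(msg, recipient_name=None):
    """Check an EmailMessage against signs 1-4 of the list above."""
    flags = []
    display, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in display.lower() and not on_brand:
            flags.append("brand-display-name-on-foreign-domain")  # signs 1 and 2
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html" and script_only_html(part.get_content()):
            flags.append("script-only-html-attachment")  # sign 3
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if recipient_name and recipient_name.lower() not in text.lower():
        flags.append("no-personalization")  # sign 4
    return flags

def build(from_header, body, attachment_html):
    """Build a constructed test message; every value passed in is made up."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg.set_content(body)
    msg.add_attachment(attachment_html, subtype="html", filename="form.html")
    return msg

# Constructed sample modelled on the campaign (local part and body are invented).
PHISH = build('"American Express" <notice@americantechsystems.com>',
              "Dear Customer, complete the attached form to avoid account block.",
              "<html><script>document.write('form')</script></html>")
# Constructed benign counterpart for comparison.
BENIGN = build('"American Express" <notice@americanexpress.com>',
               "Dear Jane Doe, your statement summary is attached.",
               "<html><body><p>Statement summary</p></body></html>")
if __name__ == "__main__":
    print(red_flags(PHISH, "Jane Doe"), red_flags(BENIGN, "Jane Doe"))
```

To run it on a real message, parse the file with `email.message_from_bytes(raw, policy=email.policy.default)` so that `iter_attachments()` and `get_body()` are available.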

Preventing Present and Future Email Scams

In today’s cyber landscape, users should always have their guard up, especially with emails like this one that attempt to harvest personal information. Even so, the complexity of phishing scams and their authentic appearance can make them tricky to spot for even the most vigilant users.

That’s why SpamStopsHere prevents emails like this “spoofed” American Express one from ever reaching a user’s inbox. The solution includes multi-layer filtering, attachment analysis, and other examinations that identify the red flags mentioned above and block a malicious email altogether.

For example, SpamStopsHere includes several filters specifically designed to safeguard against Business Email Compromise, phishing, and spoofing attempts. Given that 81 percent of attackers use display-name deception to impersonate trusted parties, our “Sender Unmasking” filter converts a spoofed “From” name to the sender email address, clearly identifying differences to users and making them aware of the misleading name.

The solution also contains filters that examine attachments for malicious code/content, as well as time-of-click analysis that evaluates embedded links to ensure a destination is safe from malicious code or intent.

Cyber attackers improve their tactics constantly. But protecting users from such attacks is what we do best, blocking 99.99 percent of malicious emails, while ensuring legitimate email keeps flowing safely. In this way, you can work securely and efficiently.

About SpamStopsHere

To find out more about SpamStopsHere, visit our product page, check out our simple pricing and start a FREE 30-Day trial, or contact us anytime via phone (800-458-3348 | 734-426-7500), chat or email. We're always here. 24/7/365.