Email Spam Alert - American Express / Home Depot Breach Phishing Scam

We're blocking a massive new phishing spam campaign today disguised as an urgent email from American Express to customers concerned about the recent Home Depot security breach. It includes a link to an authentic-looking but fake American Express login page. As always, do NOT click the links in the email, do not go to the site and do not enter your username or password.

What is a Phishing Scam?

In a phishing scam, you get an email with an urgent message that looks like it's from your credit card company, bank, etc. It's trying to get you to click on a link, which takes you to a fake login page designed to steal your account information, money, identity, etc.

Never click the links in such an email. If you're concerned about your account, type the actual URL that you know is safe into your web browser and log in from there.

This Phishing Scam

The emails in this campaign look fairly authentic, but the real danger is the website they take you to. First, here's what one of the emails looks like:

Phishing Spam Alert - American Express / Home Depot - September 2014

"American Express" phishing email spam aimed at those concerned about the recent Home Depot breach.

The email, which may change over time, has all the indicators of spam:

  • Generic Greeting: It addresses the recipient as "Dear Customer" instead of by name. If this were legitimate, it would have your name in it. But that does not guarantee legitimacy. "Spear phishing" campaigns are from spammers who have and use your real name.
  • Good Formatting: Spammers are getting better and better at faking legitimate emails. This one looks pretty good, although there are some border issues. It also has a footer with what looks like legitimate contact info.
  • Urgent Message: The message is designed to make you worry that your account is not secure and click on the link right away without thinking. We call that the "click-me" link; something that occurs in most spam and takes you somewhere you don't want to go.

Because we update our database every few minutes, our users probably didn't see this campaign at all.

Where the Link Goes

If you were to click the link in the email, it would not take you to the American Express website. Instead, it goes to a page on a domain owned or hacked by the spammer. Because the destination URL looks so authentic, we wanted to point it out. Here's a screen shot of the web page

Phishing Spam Alert - Fake American Express Website - September 2014

The authentic-looking (and dangerous) fake "American Express" website.

How We Blocked This Email Spam

Our 24/7/365 spam review team caught and blocked it right away, protecting our customers. Despite looking very authentic, we had no trouble blocking, as it uses tricks employed by spammers that we see all the time.

Without giving away our secrets, we are blocking this campaign based on multiple factors, including the URL in the click-me link and phrases that are in it. Unlike many other spam filters, we don't block based on individual words (like "Amex") because they occur in a lot of legitimate email. Instead, we block based on long phrases that we know will only appear in spam.

That helps reduce false positives (legitimate messages blocked) without lowering our spam-blocking rate. That's important because Amex might actually be sending out warnings to its customers and we don't want to block those.

For More Info

SpamStopsHere works differently from other anti-spam programs. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer that 1 out of 100,000 good emails, which is why businesses and professionals love our service.

Our spam review team, along with our proprietary Spamalyzer 3.0, analyzes and blocks email threats for our customers 24/7/365. That's a claim almost no other antispam provider can make.

Click here for more about SpamStopsHere and our 24/7/365 live support

This article is for informational purposes. The marks referred to are the property of their respective owners. No endorsement by third parties is implied and none should be inferred.