It must be phishing season. It was just a few days ago that I described a Chase phishing email and today’s Scam of the day is about a phishing email that purports to be from American Express. It was brought to my attention by a Scamicide reader who received it and frankly it is one of the most convincing phishing emails that I have seen in a long time. The graphics, grammar and overall appearance of the email is excellent. As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information. If you click on the links, you end up downloading malware and if you provide the requested information, it ends up being used to make you a victim of identity theft. This particular email indicates that irregular activity was detected on your American Express card and that you must verify your account activity before you can continue using your card. It then provides you with a link to click on to remove those restrictions. While in this particular phishing email, the intended victim was mentioned by name and the email even had the last few digits of his American Express Card, it was definitely a phishing email scam. In this particular case, the giveaway was that the email address from which the phishing email was sent was one that had no relation to American Express and was most likely merely the email address of someone whose email account had been hacked and used as part of a botnet to send out phishing emails.
TIPS
Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate. If you receive an email such as this and you have the slightest thought that it might be legitimate, you should call the 800 number on the back of your credit card to confirm that this is a scam. Finally, be careful if you do make the call to your credit card company because in some instances, enterprising scammers will purchase phone numbers that are only a digit off from those of legitimate credit card companies or banks in an effort to snare people who may mistakenly misdial the number when trying to contact their credit card company or bank.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”