While fishing season may be limited in some places, phishing season always is going on and today’s Scam of the day is about a phishing email that purports to be from American Express. It was brought to my attention by a Scamicide reader who received it and frankly, it is one of the most convincing phishing emails that I have seen in a long time. The graphics, grammar and overall appearance of the email is excellent. As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information. If you click on the links, you end up downloading malware and if you provide the requested information, it ends up being used to make you a victim of identity theft. This particular email indicates that American Express does not have a valid mobile phone number associated with your account on record and asks you to click on a link within the email to provide that information.   While in this particular phishing email, the intended victim was mentioned by name and the email even had the last few digits of his American Express Card, it was definitely a phishing email scam. In this particular case, the giveaway was that the email address from which the phishing email was sent was one that had no relation to American Express although it did appear to be from American Express .  Clicking on links in phishing emails or specifically tailored spear phishing email as this email was can result in your either downloading dangerous malware or your providing sensitive information which can be used to make you a victim of identity theft.

TIPS

Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate. If you receive an email such as this and you have the slightest thought that it might be legitimate, you should call the 800 number on the back of your credit card to confirm that this is a scam. Be careful if you do make the call to your credit card company because in some instances, enterprising scammers will purchase phone numbers that are only a digit off from those of legitimate credit card companies or banks in an effort to snare people who may mistakenly misdial the number when trying to contact their credit card company or bank.

You may wonder what the problem is if a cybercriminal merely gets your cell phone number, but it really is a big deal.  Because cell phone numbers are often used as an identifier on various social media sites and apps, having this information can enable a sophisticated identity thief to take over your social media accounts.  Having your cell phone number is also the first step in taking over your cell phone and porting your cell phone number to a phone controlled by the scammer who can use it to access your bank accounts or run up charges in your name.  For more information about this and how to protect yourself, see the Scam of the day for May 14, 2019.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”