Scam of the day – April 19, 2015 – American Express phishing scam

Many people are reporting receiving the following email which appears to have been sent by American Express.  It reads as follows:

“Dear American Express customer:

We have recently detected that a different computer user has attempted gaining access to your online account and multiple passwords were attempted with your user ID. Hence it is necessary to re-confirm your account information and complete a profile update. You can do this by downloading the attached file and updating the necessary fields. Note: If this process is not completed within 24-48 hours we will be forced to suspend your account online access as it may have been used for fraudulent purposes. Completion of this update will avoid any possible problems with your account. Thank you for being a valued customer.”

American Express is a popular credit card with more than a hundred million cardholders worldwide so when scammers send out a blast of emails such as the one above, they are bound to find a considerable number of American Express cardholders among the people receiving this email.  This type of email scam, which is called “phishing” attempts to scare the person receiving the email into downloading the attachment or, in other instances, clicking on a link, in order to fix the problem described in the email.  Because the problem is both plausible and serious, many people fall for this scam and download the attachment or click on the link.  In this particular scam, the attachment downloaded malware that stole personal information from the computers of the people downloading the attachment and used that information to make them victims of identity theft.  In addition, the attachment also asked for personal information that also could be used for identity theft purposes.

TIPS

Regardless of how legitimate an email or text message appears and regardless of how much it may appear to require immediate action on your part, you should never click on a link or download an attachment in any email or text message unless you are absolutely sure that it is legitimate.  In this case, the mere fact that the email is addressed to “Dear American Express customer” rather than to the email recipient by name is an indication that this is a scam.  In any event, the best thing to do, if you believe that the email might be legitimate, is to contact American Express directly at the phone number on the back of your American Express credit card to find out whether or not the email or text message was legitimate.