Major companies are under constant attack, hackers are not just hurting the corporations, but are are extracting and exploiting sensitive consumer information. Recently, American Express was the subject of such a phishing attack. Criminals obtained customer information and impersonated American Express in a sophisticated manner.
With this new scam, American Express users receive e-mails which appear to be from the company. For example, the return address might be listed as AmericanExpress@welcome.aexp.com. The e-mail will advise recipients to protect themselves from phishing and fraud by creating an “American Express Personal Safe Key (PSK).” The key is explained as a measure through which to optimize account security. Readers click the “Create a PSK” link, and are redirected to a fake American Express login page with the url http://amexcloudcervice.com/login/. While some people might note the spelling error in the url, many individuals miss it and proceed.
What Information Do The Phishers Request?
Once individuals input their login credentials on the page, they are presented with more pages requesting information. The information requested includes:
- credit card numbers
- card expiration dates
- CVV codes
- social security numbers
- birth dates
- mothers’ maiden names
- mothers’ birth date
- date of birth
- e-mail addresses
The interface in which the information request appears, looks similar to the real American Express website. However minor the differences, some people might detect fraud given that American Express would not need to request information that it already has.
Can Phishers Be Caught?
Unfortunately, shutting down the phishers who produce and profit from these types of scams is challenging. Additionally, other criminals who discover the original phishing system can utilize its interface and various coding devices to launch their own phishing attack.
How To Protect Yourself
Despite the fact that discovering and dismantling the efforts of phishers can be challenging, there are several things that AmEx users can do to keep themselves safe. Here are some safety suggestions to follow:
- When you receive an e-mail from a credit card company, call them immediately. Use the number listed on the back of your card.
- Don’t ever log on to a sensitive page by clicking links in a document, webpage, or message. Instead, get in the habit of typing the link.
- If you click on a link from a suspicious e-mail, shut down your browser. Next, disconnect the computer from the Internet. Then run a scan for malware.
- Don’t open an e-mail on a device which does not use security software. Also make sure that the security software you utilize is offering automatic, regular updates.
Summation of the Phishing Attack
While criminals are becoming increasingly sophisticated and savvy in their phishing practices, managing to defraud an increasing number credit card users. However, you can protected your information and capital by staying alert and utilizing various security measures. Refer to the information found in this article to ensure that you are implementing the safety strategies necessary to detect and avoid a phishing scam.