Armorblox security researchers have uncovered a new phishing campaign in which attackers are targeting American Express customers.
As per researchers, in this phishing scam, scammers lure American Express cardholders into opening an attachment and try to steal confidential data to access their accounts.
In this financially motivated campaign, attackers first send a spoofed email of the much-recognized card brand and ask the customers to click on the link included in the email attachment.
Using social engineering and brand impersonation, the attackers lure their targets onto fake and malicious landing pages.
When the victim clicks on this link, they are redirected to a fake American Express landing page. This page is also crafted smartly to resemble the original American Express login page, including the company’s genuine logo, navigational links, and a link to download the American Express app.
In reality, scammers are using a customised domain for this attack. Once there, victims are prompted to sign in to verify their accounts. They enter their user ID and password.
The Legit-looking Phishing Email
In this phishing scam, the email is designed to appear as an authentic American Express notification. The email subject, according to Armorblox’s blog post, reads: “Important Notification About Your Account.”
It informs the recipient to verify their account. Otherwise, the company will suspend it. The phrase “This is your last…
