Outline
Email purporting to be from American Express claims that the recipient’s account was used to make a purchase, but the card was not presented during the transaction. The message suggests that the recipient click a link if he or she does not recognize the transaction.
Brief Analysis
The email is not from American Express. It is a phishing scam designed to panic people into giving their credit card details and other personal information to cybercriminals.
Example
Example
Subject: Account Alert: Card Not Present Transaction
Your account was used to make a purchase, however the Card was not presented to complete the transaction. This is usually the case with purchases made online or over the phone. If you do not recognize this transaction, please click here or visit our website at [Link removed].
Transaction Date:
Thu, Dec 05, 2013
Purchase Amount:
$7,800.82
Merchant Name:
APPLE WEB STORE
Detailed Analysis
According to this email, which claims to be from credit card provider American Express, a “card not present” transaction has been made via the recipient’s account. The message notes that this is usually the case when purchases are made online, but suggests that the user click a link to visit the American Express website if he or she does not recognize the transaction.
The email includes details of a supposed transaction via the Apple Web Store for a hefty $7,800.82.
However, the message is not from American Express and the transaction details listed are not real. The email is designed to panic recipients into clicking the link without due caution. When faced with what they believe may be a fraudulent transaction for several thousand dollars, some recipients of the message are likely to hastily click the link in the hope of tracking down details of the transaction.
But, alas, the link does not go to the genuine American Express website. Instead, it opens a fake site designed to closely mirror the appearance of the real AmEx site. Once on the fake site, victims will be asked to provide credit card details and other personal and financial information. All of the details submitted will be harvested by criminals and used to commit credit fraud and identity theft.
As with other financial entities, American Express customers are regularly targeted in such phishing campaigns. Be wary of any email from your bank or credit card provider that tries to entice you to click a link or open an attached file.
Phishing continues to be one of the most common types of Internet-based fraud.
Original Source : https://www.hoax-slayer.net/american-express-card-not-present-phishing-scam-email/