Outline
Email purporting to be from credit card provider American Express claims that irregular and unusual activity has been detected on your account and you must click a link to verify your details or the account will be restricted.
Brief Analysis
The email is not from American Express. The message is a scam designed to trick AmEx customers into giving a large amount of personal and financial data to Internet criminals.
Example
Subject: We noticed unusual activity in your American Express account
Dear Valued Customer,
We detected irregular activity on your American Express.
Check Card on 8th October 2013.
As the Primary Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.
To review your account as soon as possible please.
Please click on the link below to verify your information with us:
[Link Removed]
If you account information is not updated within 48 hours then your ability to access your account will be restricted.
We appreciate your prompt attention to this important matter.
©2013 American Express Company. All rights reserved.
Detailed Analysis
According to this email, which purports to be from credit card provider American Express, irregular and unusual activity has been detected on the recipient’s American Express account. The email warns that, unless the recipient clicks a link to update information within 48 hours, restrictions will be placed on the account.
However, the email is not from American Express. Instead, it is a quite typical phishing scam designed to extract personal and financial information from American Express customers.
The initial email is quite a crude attempt. Paradoxically, however, the bogus web pages used in the scam are fairly sophisticated.
Those panicked into clicking the link in the scam email will first be taken to a bogus page designed to look like a genuine AmEx webpage and asked to log in with their user ID and password:
After “logging in” on the bogus site, the following “security message” will be displayed:
Your security is very important to us.Because of high numbers of identity theft attempts we need to apply additional security to your account in order to keep our Cardmember safe.
Every couples of month we will screen this alert to your account and we will ask you to update your Personal information.
This way we reduce the risk of identity theft and all your personal informations will be kept safe.
This is not an optional step, if you do not complete the next form we will be forced to Lock your account.
Please press Continue and complete the form on the next page as soon as possible.
After pressing “Continue”, they will be presented with a form that asks for credit card data as well as a large amount of personal information:
Next, another form will appear that asks them to input both their email address and email account password, supposedly as a means of proving their identity:
Finally, they will be automatically redirected to the genuine American Express website.
Meanwhile, the scammers can harvest all of the information submitted via the bogus forms. Using this stolen information, the scammers can hijack American Express and email accounts belonging to their victims and lock out the rightful owners. They may also use the harvested information to steal the identities of victims.
American Express customers are regularly targeted in such phishing campaigns. Phishing continues to be a very common type of criminal activity. Be wary of any unsolicited message that claims that you must click a link or open an attached file to rectify a supposed issue with your online account.
Original Source : https://www.hoax-slayer.net/american-express-unusual-activity-phishing-scam-2/