Outline
Email purporting to be from American Express claims recipients must open an attached file and fill in a form in order to verify their American Express account information.
Brief Analysis
The email is not from American Express. It is a phishing scam designed to trick recipients into divulging financial and personal information to Internet fraudsters.
Example
Subject: Your American Express Membership Security Verification ®
Dear Customer,
During your regulry scheduled accounts manintenance verification procedure,we have detected a slight error regarding your American Express Account.
This might be due to one of the following reasons.
1. A recent change in your personal information (i.e address changing)
2. Submitting invalid information during sign up process
3. Multiple failed logins in your personal account
4. An inability to accurately verify your selected optional payment due to an internal error within our system
Please verify your information by Downloading the Attachment file and open in a browser to Continue
*If your account information is not verified within 48 hours then your ability yo access your account will be restricted.
Thank You.
American Express Company
Copyright © 2012 American Express Company. All right reserved.
Screenshot of the attached file:
Detailed Analysis
According to this email, which claims to be from American Express, a “slight error” has been detected in the recipient’s American Express account that needs to be rectified. The message claims that, unless the recipient opens an attached file and verifies account information within 48 hours, access to the account will be restricted.
However, the email is, in fact, a scam and has no connection with American Express whatsoever. Those who fall for the ruse and open the attached file will be asked to provide a large amount of personal and financial information via a web form that opens in their browser. The supposed “Card Membership Verification” form asks for credit card details, including the card’s ATM PIN as well as the user’s social security number and other identifying information along with address and contact details. The form even asks the user to provide a password for his or her email account.
But, alas, all of the information submitted on the fake form will be sent to online criminals and subsequently used to steal the identities of victims as well as use their credit card details to conduct fraudulent transactions. The scammers may also hijack the email accounts of victims and use the compromised accounts to conduct further spam and scam campaigns.
American Express would never ask its customers to verify account details by filling in an unsecure form contained in an email attachment or accessed via a clicked link. Nor would any other legitimate financial entity. Such phishing scams are very common. Other credit cards service providers, including Visa, are also regularly targeted in similar phishing scams. Be wary of any email purporting to be from a financial service provider that claims that you are required to verify your account by clicking a link or opening an attachment. This is a very common criminal ploy. If you receive such an email, do not click on any links or open any attachments that it contains.
It is always safest to login to your online accounts by entering the account web address into your browser’s address bar.
Original Source : https://www.hoax-slayer.net/american-express-security-verification-phishing-scam/