Email claiming to be from American Express informs recipients that they must click a link to update online banking account information because new security measures are being imposed.
The email is not from American Express. It is a phishing scam designed to trick recipients into giving their credit card details and other personal information to cybercriminals.
Subj: America Express Online Security Service Notification
DEAR VALUED CUSTOMER,
Your online banking account has to be updated as we impose measures to ensure your safety while banking online.
PLEASE CLICK BELOW TO CONTINUE
Verify your Access
These features are made to provide the most secure service and protection to you while online as failure to adhere may affect your online banking access in the future.
Legal Advisor, America Express.
According to this “security service notification”, which claims to be from American Express, users are required to update information in their online bank accounts because new security measures are being imposed. They are warned that “failure to adhere” to the update request may affect future access to the account.
The message greets users generically as “Dear Customer” and claims to be from an unnamed American Express “legal advisor”.
In fact, the message is not from American Express. It is a phishing scam designed to fool recipients into divulging their personal and financial information via a fake American Express website. Those who click the link will be taken to a site that hosts the form shown in the following screenshot:
The bogus form asks for credit card details as well as account login credentials, personal and contact information and even the user’s email account password. Once victims have completed the form and clicked the “Submit” button, they will be automatically redirected to the real American Express website.
Meanwhile, the criminals running the phishing attack can use the stolen information to commit credit card fraud and identity theft as well as hijack American Express accounts belonging to their victims. They can also take control of victim email accounts and use them to launch further spam and scam campaigns.
American Express would never send an unsolicited email asking customers to click a link to update account details. Genuine American Express emails will always greet customers by name and will never use generic greetings such as “Dear Customer”. The company has published information about phishing scams and how to report them on its website.
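The tells described above (a generic greeting, a click-to-update request, a warning about account access) and the “America Express” misspelling visible in the quoted message can be checked mechanically. The following Python is an added example, not part of the original article; the patterns, the 0.9 similarity threshold, the function names and the contrast message are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

BRAND = "american express"  # brand imitated by the message quoted on this page

# Text of the scam message as quoted in the article (used as sample input).
SAMPLE = """Subj: America Express Online Security Service Notification
DEAR VALUED CUSTOMER,
Your online banking account has to be updated as we impose measures to ensure your safety while banking online.
PLEASE CLICK BELOW TO CONTINUE
Verify your Access
These features are made to provide the most secure service and protection to you while online as failure to adhere may affect your online banking access in the future.
Legal Advisor, America Express."""

# Constructed contrast message that greets the customer by name.
NAMED = "Dear Jane Doe,\nYour American Express statement is ready.\n"

# Assumed patterns for the tells the article lists (illustrative, not exhaustive).
GENERIC_GREETING = re.compile(r"^\s*dear\s+(?:valued\s+)?(?:customer|cardmember|member|user)\b", re.I | re.M)
CLICK = re.compile(r"\bclick\b", re.I)
UPDATE = re.compile(r"\b(?:updated?|verify|confirm)\b", re.I)
THREAT = re.compile(r"\b(?:failure to|may affect)\b[^.\n]*\b(?:access|account)\b", re.I)

def brand_lookalikes(text, brand=BRAND, threshold=0.9):
    """Return word runs that nearly, but not exactly, spell the brand name."""
    words = re.findall(r"[a-z]+", text.lower())
    n = len(brand.split())
    hits = set()
    for i in range(len(words) - n + 1):
        cand = " ".join(words[i:i + n])
        if cand != brand and SequenceMatcher(None, cand, brand).ratio() >= threshold:
            hits.add(cand)
    return sorted(hits)

def phishing_indicators(text):
    """Return the names of the indicators present, in a fixed order."""
    found = []
    if GENERIC_GREETING.search(text):
        found.append("generic_greeting")
    if CLICK.search(text) and UPDATE.search(text):
        found.append("click_to_update")
    if THREAT.search(text):
        found.append("access_threat")
    if brand_lookalikes(text):
        found.append("brand_lookalike")
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE), phishing_indicators(NAMED))
```

Keyword checks like these are a triage aid for mail filtering or user reports; a message that trips none of them is not thereby shown to be genuine.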
Phishing scammers continue to attack Internet users all over the world and many users continue to fall for their tricks. Be cautious of any unsolicited message that claims that you must provide account information by clicking a link or opening an attached file. It is always safest to access all of your online accounts by typing the account address into your browser’s address bar rather than by clicking an email link.