Malware on Laptop Computer
Home Malware American Express ‘Verify User ID’ Malware Email

American Express ‘Verify User ID’ Malware Email

by Brett M. Christensen

Outline

Email purporting to be from American Express asks if the recipient recently tried to verify his or her account ID or change the account password. 

Brief Analysis

The email is not from American Express. The message is designed to trick recipients into clicking a link in the mistaken belief that someone has tried to access their American Express account. The link opens a website that harbours malware.

Example

subject: Your American Express Forgotten User ID

Confirmation

Verify Your Request

Your Account Number Ending:

Dear Customer,

Did you recently verify your User ID or reset the password that you use to manage your American Express? Card account online?

If so, you can disregard this email. To help protect your identity online, we wanted to be sure that you had made this request.

If not, please click here, or log on to [Link Removed] so we can protect your account from potential fraud.

Thank you for your Cardmembership.

Sincerely,

American Express Customer Service
P.S. To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center at

View Our Privacy Statement Add Us to Your Address Book

This customer service email was sent to you by American Express. You may receive customer service emails even if you have requested not to receive marketing emails from American Express.
Copyright 2012 American Express Company. All rights reserved.
AGNEUMYC0001001

American Express Malware Email

 

Detailed Analysis

This message which purports to be from American Express, asks recipients if they have recently verified their Amex User ID or reset their account password.

According to the message, if recipients have not done so, then their account may have been targeted by fraudsters and they should click a link in order to protect their account and identity.

However, the email is not from American Express. In fact, the message is part of an ongoing campaign designed to trick recipients into downloading and installing malware. Those who click the link will be taken to a webpage that advises them to wait while the page is loading. 
However, an American Express login page does not appear as the user would expect. Instead, the page will redirect to another site that harbours the BlackHole exploit kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.

Typically, the malware downloaded in such criminal campaigns can collect private information such as banking username and password combinations and relay it back to cybercriminals.

Criminals intent on distributing Blackhole have used a number of similar email campaigns in recent months including fake Verizon Wireless bills, bogus Amazon.com order notifications and flight ticket confirmations falsely claiming to be from various airline companies.

Some of these recent malware distribution campaigns have been quite sophisticated and the fake emails may appear genuine at least until they are examined more carefully. Rather than click on email links, it is safer to open your browser and go to the service provider’s website directly by entering their web address.

It is also important to make sure you have installed the latest security updates for your browser and operating system and have up-to-date antivirus and anti-malware software protecting your computer.