Friday, March 16, 2012

American Express Spam Luring Users into Drive-by-Download Attack

The BBB is warning the public not to fall for an American Express phishing email that’s being spammed out by cybercrooks in order to drive traffic to drive-by-download sites.

The emails, titled “Thanks for Updating Your Email” have been carefully crafted to closely resemble legitimate emails and carry the American Express logo and color scheme.  All of the links inside the email – including those in the footer – point to a third-party website rigged with malicious code that will attempt to install malware on the user’s machine upon visit.
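A mail filter or analyst can catch this pattern by comparing each link's real target host with the sender's own domains. The following is an added example, not code from the BBB or American Express; the trusted-domain list, the sample HTML and the `lure-site.example` host are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the real sender links to in its own mail.
TRUSTED = ("americanexpress.com",)

def host_is_trusted(host, trusted=TRUSTED):
    """True for a trusted domain or one of its subdomains, never a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0].strip(), self._open[1].strip()))
            self._open = None

def audit_links(html, trusted=TRUSTED):
    """Return a finding for each link whose target is outside the trusted domains."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href)
            scheme, host = parts.scheme, parts.hostname
        except ValueError:  # malformed URL: report it rather than skip it
            scheme, host = "", None
        if scheme in ("mailto", "tel") or host_is_trusted(host, trusted):
            continue
        # Worst case: the visible text names the brand's domain, the href does not.
        disguised = any(d in text.lower() for d in trusted)
        findings.append((text, host, "disguised" if disguised else "off-domain"))
    return findings

# Constructed sample modelled on the e-mail's wording; the hosts are placeholders.
SAMPLE = """<p>please <a href="http://lure-site.example/x">CLICK HERE</a>, or log in to
<a href="http://lure-site.example/x">online.americanexpress.com</a>.</p>
<a href="http://lure-site.example/x">Contact Customer Service</a> |
<a href="https://www.americanexpress.com/">View Our Privacy Statement</a>"""
```

Calling `audit_links(SAMPLE)` reports the three off-domain links and leaves the genuine one alone; the suffix match in `host_is_trusted` is what rejects lookalike hosts that merely contain the brand name.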

Here is one of the emails intercepted by the Better Business Bureau:

Thanks for updating your email address

Cardholder,

Thanks for updating your e-mail address with us.

We changed your e-mail address in our files to [EMAIL]. If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change, please CLICK HERE, or log in to online.americanexpress.com.

Thank you for your Cardmembership.

Sincerely,

American Express Customer Service

Contact Customer Service | View Our Privacy Statement  | Add Us to Your Address Book

Your Cardmember information is included in the upper-right corner to help you recognize this as a customer server e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing. We kindly ask you not to reply to this e-mail but instead contact us securely via the customer service link above.

Copyright 2012 American Express Company. All rights reserved.

If you receive this email, it is advised that you:

  • Do not reply to the email and avoid clicking on any of the embedded links.

  • Forward the email to spoof@americanexpress.com

  • Delete the email.


As a side note, it is always best to type the URL of the website that you wish to visit directly into your browser address bar instead of clicking on the links provided within emails. This will minimize your chances of falling for a phishing scheme or malware trap.

Stay safe!
