An American Express phishing campaign is in circulation this month.  The attack attempts to capture the victims online banking credentials by convincing them that their online banking information is not correct.

Sample E-mail:

AMEX Phishing E-mail

The e-mail appears to come from AmericanExpress@welcome.aexp.com and it reads:

Dear Customer,

Our technical service department has recently discovered that your information on file with us is incomplete.

Your American Express on file with us is: 37xxxxxxxxxxxxxx.

Please update your American Express account on our secured server below:

(If you cannot click on the link, please copy and paste it into your browser’s address bar).

Continue To Online Update Form

We appreciate your prompt attention to this important matter.

*If your account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you

Sincerely American Express Company, Member FDIC.

Clicking the link renders a page identical to the American Express website:

American Express Phishing Page

By taking a look at the source code, we can see that the credentials will be passed over to the criminals via a php submission form:

go.php

This type of phishing campaign is the oldest trick in the book, but you can easily avoid it by knowing that financial institutions will never ask you to divulge your personal information.