An American Express phishing campaign is in circulation this month. The attack attempts to capture the victims' online banking credentials by convincing them that their online banking information is not correct.
Sample E-mail:
The e-mail appears to come from AmericanExpress@welcome.aexp.com and it reads:
Dear Customer,
Our technical service department has recently discovered that your information on file with us is incomplete.
Your American Express on file with us is: 37xxxxxxxxxxxxxx.
Please update your American Express account on our secured server below:
(If you cannot click on the link, please copy and paste it into your browser’s address bar).
Continue To Online Update Form
We appreciate your prompt attention to this important matter.
*If your account information is not updated within 48 hours then your ability to access your account will be restricted.
Thank you
Sincerely American Express Company, Member FDIC.
Clicking the link renders a page identical to the American Express website:
By taking a look at the source code, we can see that the credentials will be passed over to the criminals via a PHP form submission.
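The same source-code check can be automated on a saved copy of a suspicious page. The following is an added example, not code from the phishing page or from the original post: it lists every form that collects a password and resolves where it actually submits. The expected host list, the sample URL and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Assumption: hosts the real brand is expected to receive logins on.
EXPECTED_HOSTS = ("americanexpress.com",)
# Constructed sample: a saved lookalike page and the URL it was served from.
SAMPLE_URL = "http://login.example.net/amex/index.html"
SAMPLE_HTML = """<form method="POST" action="update.php">
<input type="text" name="userid"><input type="password" name="pw"></form>"""

class FormAudit(HTMLParser):
    """Collect each <form>, its action/method, and whether it asks for a password."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "text").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def host_is_expected(host):
    """True only for the brand host itself or a true subdomain of it."""
    host = (host or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)

def audit(html, page_url):
    """Return forms that collect a password but submit to an unexpected host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])  # resolve relative actions
        host = urlparse(target).hostname
        if form["password"] and not host_is_expected(host):
            findings.append({"target": target, "host": host, "method": form["method"]})
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, SAMPLE_URL))
```

A relative action such as `update.php` resolves against the page's own URL, so a lookalike page hosted off-brand is flagged even when the form markup names no foreign domain.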
This type of phishing campaign is the oldest trick in the book, but you can easily avoid it by knowing that financial institutions will never ask you to divulge your personal information.