Dear American Express Customer – Phishing Fraud

Up until now, we haven’t really seen many “American Express” Phishing fraud emails, though we’re not really sure why.

Perhaps it is related to smaller market share, or a perception that such card holders might be slightly more sophisticated and harder to trick?  Whatever the reason, based on volume of the latest campaign, it’s irrelevant now.

Emails are arriving in mass, with a wide variety of spoofed Sender variations such as:

  • “American Express” <autoremailer@cc.americanexpress.com>
  • “American Express” <customercare@cards.americanexpress.com>
  • “American Express” <customercare@cc.americanexpress.com>
  • “American Express” <customercare@mail.americanexpress.com>
  • “American Express” <donotreply@card.americanexpress.com>
  • “American Express” <forms@card.americanexpress.com>
  • “American Express” <forms@cards.americanexpress.com>
  • “American Express” <forms@cc.americanexpress.com>
  • “American Express” <noreply@card.americanexpress.com>
  • “American Express” <no-reply@cards.americanexpress.com>
  • “American Express” <online@cc.americanexpress.com>
  • “American Express” <online@mail.americanexpress.com>
  • “American Express” <onlineforms@cc.americanexpress.com>
  • “American Express” <onlineforms@mail.americanexpress.com>
  • “American Express” <support@mail.americanexpress.com>

The Subject lines are less varied, generally including one of these:

  • American Express Online Form
  • customer notification
  • important alert
  • important information
  • important instructions
  • important notification
  • important security update
  • instructions for customer
  • official information

Regardless of the Sender address and Subject line variations, the body of the emails has been fairly consistent:

American Express Phishing Fraud

Click for Larger Image

The text of the message says:

Dear American Express customer,

A newly revised American Express Online Form has been issued by the American Express Customer Care Team. Please complete this form as soon as possible You can access the form at:

American Express Online Form.

Thank you for choosing American Express.

Sincerely,
American Express

To learn more about e-mail security or report a suspicious e-mail, visit us at americanexpress.com/phishing. We are unable to answer replies to this e-mail.

Unfortunately, the “Online form” links to a variety of malware sites, distributed across the globe, and each is attempting to trick visitors into supplying their actual American Express username and password.

Whether or not Amex users are less likely to fall for the scam is anybody’s guess at this point, but time will soon tell.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , ,

2 Responses to “Dear American Express Customer – Phishing Fraud”

  1. Isabela says:

    I knew right away that this is not an official email from AMEX. First of all, I verified over the phone a transaction and just ended my chat when this email came through. What card should I activate? All mine are activated. If I did not have one, I still would not fall for this. AMEX customers all over the globe, let’s make these phishers go nowhere with their attempts. Send your note to a friend and make knowledge count to your advantage.

    Here it is:

    From: American Express [mailto:AmericanExpress@email2.americanexpress.com]
    Sent: Monday, June 21, 2010 5:50 PM
    Subject: Activate Card Account

    Activate your Card Account

    For your security:
    ________________________________________
    Dear Customer,

    Due to the recent upgrade of our server on 01 June 2010,we have issued an warning message. It has come to our attention that some of our customers no longer have access to their Cardmembership account.

    We need you to Manage Your Card Account online, activate your Cardmembership and update your personal information.

    Simply go directly http://www.americanexpress.com and select Activate a Card option or just click here. This process is mandatory, and if not completed within the nearest time your Cardmembership may be suspended. We apologize for any inconvenience this may cause you.

    Thank you for your Cardmembership.

    Sincerely,
    American Express Customer Service
    ________________________________________

    Thanks to our Cardmembers, American Express was ranked “Highest in Customer Satisfaction with Credit Card Companies, Three Years in a Row” by J.D. Power and Associates.*

    Contact Customer Service | View Our Privacy Statement | Add Us to Your Address Book
    © 2010 American Express Company. All rights reserved.

  2. I also got one today. They sent me a .RAR attachment with a .EXE file in it. Please be careful. Content as belows:

    Please do not reply to this message. This e-mail was sent from a
    notification-only address that cannot accept incoming e-mail.

    This email has been sent from American Express International, Inc.,
    Sydney at the request of E L K Intertrade Pty Ltd.

    American Express are pleased to inform you that E L K Intertrade Pty
    Ltd has initiated a payment through us to your organization. You
    should receive the payment in your financial institution account in
    the next few business days.

    Our Transaction Reference: 2011ED/564/09932AMEX
    Currency: USD
    Amount: 5,985.00
    Sender’s Name: E L K Intertrade Pty Ltd

    Details of this transfer is attached along with this email, If you
    have any more questions regarding this payment, please contact E L K
    Intertrade Pty Ltd direct as American Express cannot provide further
    details of this transaction to your organization.

    Safe and Secure

    The FX International Payments team from American Express will NEVER
    ask you to supply your confidential information or login details at
    any time. If you receive a suspicious communication asking you to do
    so, you should contact American Express on 1300 584 854. Please view
    our security pages at:
    http://www.americanexpress.com.au/fxip/safeandsecure

    Privacy Statement

    Contact us:
    http://www.americanexpress.com/australia/customerservice/contactamex.shtml
    Privacy Statement:
    http://www.americanexpress.com/australia/legal/privacy.shtml

    American Express International, Inc. (ABN 15 000 618 208) AFS Licence
    No. 237996. Incorporated with limited
    liability in Delaware USA.
    ® Registered trademark of American Express Company
    © 2011 American Express Company. All rights reserved.