Notification on recent suspicious activity – AMEX Fraud

The latest twist on American Express Phishing fraud emails is making the rounds with a subject/sender typically seen as:

Subject:     Notification on recent suspicious activity
From:     American Express <security@online.americanexpress.com>

The sending address is spoofed, and the spammer goes one step further, injecting a false “received header” entry to try and convince spam software and/or unsophisticated users into believing the email really did come from an AMEX server.

‘from mail.americanexpress.com (unknown [173.224.211.52]) by smtpscan-6.userservices.net (Postfix) with SMTP id E63984F20261 for <mbailey@mind.net>; Sun, 2 Jan 2011 06:17:14 -0800 (PST)’

In reality, 173.224.211.52 resolves to: “unassigned.psychz.net”  which is some sort of shared hosting system based in Walnut, CA.

The bogus email itself tells users there is reason to believe their accounts have been accessed by some “unauthorized third party” and implores the recipient to “click here to complete the verification process.”

Notification on recent suspicious activity

Click for Larger Image

As can be expected, the actual link most assuredly does not take you to an American Express server, but instead to faked “login pages” that are used to steal users login and passwords.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , ,

Comments are closed.