Debunking email hoaxes and exposing Internet scams since 2003!

Issue 132 - June 2012 (1st Edition) - Page 6

American Express 'Verify User ID' Malware Email


Outline
Email purporting to be from American Express asks if the recipient recently tried to verify his or her account ID or change the account password.



Brief Analysis
The email is not from American Express. The message is designed to trick recipients into clicking a link in the mistaken belief that someone has tried to access their American Express account. The link opens a website that harbours malware.

Detailed analysis and references below example.

Last updated: 21st May 2012
First published: 21st May 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
subject: Your American Express Forgotten User ID

Confirmation

Verify Your Request

Your Account Number Ending:

Dear Customer,

Did you recently verify your User ID or reset the password that you use to manage your American Express® Card account online?

If so, you can disregard this email. To help protect your identity online, we wanted to be sure that you had made this request.

If not, please click here, or log on to [Link Removed] so we can protect your account from potential fraud.

Thank you for your Cardmembership.

Sincerely,

American Express Customer Service
P.S. To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center at

View Our Privacy Statement Add Us to Your Address Book

This customer service email was sent to you by American Express. You may receive customer service emails even if you have requested not to receive marketing emails from American Express.
Copyright 2012 American Express Company. All rights reserved.
AGNEUMYC0001001

Amex Malware Email




Detailed Analysis
This message, which purports to be from American Express, asks recipients if they have recently verified their Amex User ID or reset their account password. According to the message, if recipients have not done so, then their account may have been targeted by fraudsters and they should therefore click a link in order to protect their account and identity.

Wait Page Loading Malware
However, the email is not from American Express. In fact, the message is part of an ongoing campaign designed to trick recipients into downloading and installing malware. Those who click the link will be taken to a webpage that advises them to wait while the page is loading (see screenshot on right). However, an American Express login page does not appear as the user would expect. Instead, the page will redirect to another site that harbours the BlackHole exploit kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware. Typically, the malware downloaded in such criminal campaigns can collect private information such as banking username and password combinations and relay it back to cybercriminals.

Criminals intent on distributing BlackHole have used a number of similar email campaigns in recent months, including fake Verizon Wireless bills, bogus Amazon.com order notifications and flight ticket confirmations falsely claiming to be from various airline companies.

Some of these recent malware distribution campaigns have been quite sophisticated and the fake emails may appear genuine at least until they are examined more carefully. Rather than click on email links, it is safer to open your browser and go to the service provider's website directly by entering their web address. It is also important to make sure you have installed the latest security updates for your browser and operating system and have up-to-date antivirus and anti-malware software protecting your computer.
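The same caution about email links can be applied automatically at a mail gateway. The following is an added example, not part of the original article: it flags links in a message that names a brand in its sender or subject but points to hosts outside that brand's domains. The sample message, its placeholder hosts, the `BRAND_DOMAINS` allow-list and the function names are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: domains the brand really uses for its web logins.
BRAND_DOMAINS = {"american express": {"americanexpress.com"}}

# Constructed sample modelled on the message quoted above (hosts are placeholders).
SAMPLE = """\
From: "American Express" <service@mail.example.net>
Subject: Your American Express Forgotten User ID
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>If not, please <a href="http://compromised.example.net/wait.html">click here</a>,
or log on to <a href="https://www.americanexpress.com/">americanexpress.com</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(raw_message):
    """Return links that leave the domains of the brand the message claims."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    parser = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    flagged = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed:
            flagged += [h for h in parser.hrefs
                        if not host_in(urlsplit(h).hostname, domains)]
    return flagged
```

The suffix match requires a leading dot, so look-alike hosts such as `americanexpress.com.example.net` are still flagged.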


References
BlackHole Exploit Kit
Bogus Verizon Wireless Bill Email Points to Malware
Bogus Amazon Shipping Confirmation Emails Point To Malware
US Airways 'Flight Confirmation' Malware Emails
