Issue 132 - June 2012 (1st Edition) - Page 6
American Express 'Verify User ID' Malware Email
Email purporting to be from American Express asks if the recipient recently tried to verify his or her account ID or change the account password.
The email is not from American Express. The message is designed to trick recipients into clicking a link in the mistaken belief that someone has tried to access their American Express account. The link opens a website that harbours malware.
Detailed analysis and references below example.
Last updated: 21st May 2012
First published: 21st May 2012
Article written by Brett M. Christensen
subject: Your American Express Forgotten User ID
Verify Your Request
Your Account Number Ending:
Did you recently verify your User ID or reset the password that you use to manage your American Express® Card account online?
If so, you can disregard this email. To help protect your identity online, we wanted to be sure that you had made this request.
If not, please click here, or log on to [Link Removed] so we can protect your account from potential fraud.
Thank you for your Cardmembership.
American Express Customer Service
P.S. To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center at
View Our Privacy Statement Add Us to Your Address Book
This customer service email was sent to you by American Express. You may receive customer service emails even if you have requested not to receive marketing emails from American Express.
Copyright 2012 American Express Company. All rights reserved.
This message, which purports to be from American Express, asks recipients if they have recently verified their Amex User ID or reset their account password. According to the message, if recipients have not done so, then their account may have been targeted by fraudsters and they should therefore click a link in order to protect their account and identity.
However, the email is not from American Express. In fact, the message is part of an ongoing campaign designed to trick recipients into downloading and installing malware. Those who click the link will be taken to a webpage that advises them to wait while the page is loading (see screenshot on right). However, an American Express login page does not appear as the user would expect. Instead, the page will redirect to another site that harbours the BlackHole exploit kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware. Typically, the malware downloaded in such criminal campaigns can collect private information such as banking username and password combinations and relay it back to cybercriminals.
Criminals intent on distributing BlackHole have used a number of similar email campaigns in recent months, including fake Verizon Wireless bills, bogus Amazon.com order notifications and flight ticket confirmations falsely claiming to be from various airline companies.
Some of these recent malware distribution campaigns have been quite sophisticated and the fake emails may appear genuine at least until they are examined more carefully. Rather than click on email links, it is safer to open your browser and go to the service provider's website directly by entering their web address. It is also important to make sure you have installed the latest security updates for your browser and operating system and have up-to-date antivirus and anti-malware software protecting your computer.
BlackHole Exploit Kit
Bogus Verizon Wireless Bill Email Points to Malware
Bogus Amazon Shipping Confirmation Emails Point To Malware
US Airways 'Flight Confirmation' Malware Emails