© Depositphotos.com/ barcova.natalia
Subj: America Express Online Security Service Notification
DEAR VALUED CUSTOMER,
Your online banking account has to be updated as we impose measures to ensure your safety while banking online.
PLEASE CLICK BELOW TO CONTINUE
Verify your Access
These features are made to provide the most secure service and protection to you while online as failure to adhere may affect your online banking access in the future.
Legal Advisor, America Express.
The message greets users generically as "Dear Customer" and claims to be from an unnamed American Express "legal advisor".
In fact, the message is not from American Express. It is a phishing scam designed to fool recipients into divulging their personal and financial information via a fake American Express website. Those who click the link will be taken to a site that hosts the form shown in the following screenshot:
The bogus form asks for credit card details as well as account login credentials, personal and contact information and even the user's email account password. Once victims have completed the form and clicked the "Submit" button, they will be automatically redirected to the real American Express website.
Meanwhile, the criminals running the phishing attack can use the stolen information to commit credit card fraud and identity theft as well as hijack American Express accounts belonging to their victims. They can also take control of victim email accounts and use them to launch further spam and scam campaigns.
American Express would never send an unsolicited email asking customers to click a link to update account details. And, genuine American Express emails will always greet customers by their names. It will never use generic greetings such as "Dear Customer". The company has published information about phishing scams and how to report them on its website.
Phishing scammers continue to attack Internet users all over the world and many users continue to fall for their tricks. Be cautious of any unsolicited message that claims that you must provide account information by clicking a link or opening an attached file. It is always safest to access all of your online accounts by typing the account address into your browser's address bar rather than by clicking an email link.
Last updated: July 24, 2013