AmEx users targeted with well-crafted phishing scheme
Posted on 29 October 2013.
A rather well-executed phishing campaign is targeting American Express users via fake "Fraud Alert: Irregular Card Activity" emails impersonating the AmEx Fraud Departement, warns Gary Warner.

"We detected irregular card activity on your American Express," it says. "As the Primary Contact, you must verify your account activity before you can continue using your card."

The email offers a link that seemingly points to AmEx' official website, and urges potential victims to update their account information within 24 hours if they don't want to have access to their accounts restricted.

Unfortunately, the link leads to one of 419 different URLs hosted on compromised servers, and via a Java Script file finally redirects users to the fake AmEx account settings website.

The victims are asked to enter their user ID and password, Social Security number, birth date, their mother's maiden name, her birth date, and the PIN associated with the card. On the next page, they are told to enter the card number:


Finally, they are instructed to share the expiration date and the 3-digit security code on the back of their card.

The hapless victim is then "given" 5,000 bogus reward points and redirected to AmEx' legitimate site. Needless to say, the information he or she entered has been sent to the phishers and will be used to make unauthorized purchases or will be sold to other crooks who will do the same.

If you have fallen for this scheme, contact American Express immediately so that they can block and revoke your card. If you're lucky, the money in your account is still there or will be refunded by the company if it's not.









Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //