Like the Google phishing expedition, malicious spam emails impersonating American Express have been hitting inboxes in the last few days, trying to make recipients open the file in the attachment.
The email says it is a notification about a “Membership Security Verification,” and warns users they detected a “slight error” in their AmEx accounts. To make it right, and not loose access to their accounts in the next 48 hours, the victims are then told to download the attached HTML file and open it in a browser.
The phishers are looking for every bit of personal and financial information they can get, including the users’ name, address, home and work telephone numbers, Social Security number, mother’s maiden name and date of birth, users’ date of birth, AmEx credit card number, expiry date, card security code, ATM PIN, email address and the password for it.
All of the information submitted on the fake form will go to online criminals and subsequently used to steal the identities of victims as well as use their credit card details to conduct fraudulent transactions, said email security provider Hoax-Slayer.
American Express would never ask its customers to verify account details by filling in an insecure form contained in an email attachment or accessed via a clicked link, Hoax-Slayer researchers said.
Users to be wary of any similar email purportedly coming from any of the various credit cards service providers out there.