Beware of American Express Emails With Attached Phishing Form

[silversurfer]

A phishing campaign is underway that pretends to be from American Express and states that there is a security issue with your credit card. It then prompts you to open an attached HTML phishing form that will send the inputted information back to the scammers.

BleepingComputer first heard about this phishing scam from myonlinesecurity.co.uk, but when researching this further we have seen numerous variants being sent since October 2018.  All of these variants utilize the same theme of there being a security review of your credit card that found issues that require you to send your information through an attached form and create a new online account.

These emails are being sent out from mail domains that are based off of the "American Express" keyword such as AmExpress@amnex.com, AmericanExpress@ampress.com, and AmericanExpress@aemail.com. Some of the email Subject that we have seen include "Notice Concerning your CardMember Account", "Reminder - We've issued a security concern (Action Required)", and "REMINDER: A concern that requires your action."

The text of this phishing email is:

Code:

Primary Cardmember Message

We are writing to let you know that there is a recent security report for your American Express Account(s). At the time of report analysis, errors were encountered.

In view of this, We mandate that you confirm your on-file records with us.

You are to

A safe attached fillable Web form is sent with this message.

* See attaced form, download and open to continue.

Thank you for your continued Cardmembership.

American Express Customer Service

Source: https://www.bleepingcomputer.com/news/se...hing-form/

[jasonX]

I actually got one of these but was flagged as spam. It was from my manufacturing work email and I bet the whole office got it too! Thanks for the info and heads-up!