A new American Express phishing attack that specifically targeted American Express cardholders is unlike other attacks, according to security researchers. It contains a sophisticated method of harming the recipient that experts are not as familiar with.

Phishing attacks are nothing new. They arrive as emails, texts, social media messages or phone calls that appear to come from someone you know. It might look like your boss or co-worker, someone in your email contact list, your bank or your favorite retailer.

Each new phishing attack email has different goals, depending on what kind of ruse they are using. A fake email from your boss might tell you to change a password or send funds to a different account number, but an email from your bank might try to get you to hand over your username and password. Many phishing attacks only want the user to click a link in the email so they can be taken to a fake website where the thief steals their information. Or even worse, a link that downloads a virus to their computer.

In the case of the American Express phishing attack, the link embedded in the American Express phishing emails is two different parts. This way, the hacker can insert malicious code into the link while also confusing your antivirus software. Instead of warning you about a harmful link, your software does not recognize it as malicious.

The email itself was very typical of these kinds of attacks, namely in that it was filled with grammatical errors. Some reports have shown that the spelling and punctuation mistakes, like the ones seen in the American Express phishing attack, are intentional so that only more gullible recipients will interact with it.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things to keep in mind.

Never click a link or download an attachment that you are not expecting

If the email came from your boss, pick up the phone and verify it. If it appears to come from a company you do business with, ignore the email and go directly to their website. From there, you can see if there is an issue with your account.

Spelling matters

Companies do not send out emails or other messages with multiple errors. If you see any strange mistakes, that is probably a sign it is a fake.

Check the email address and URL

If you look very carefully at the sender’s address or the website address they have included in the message, you might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website is Citibank.card.shop.com, instead of the company’s actual web address, again, it is a fake.

Do not trust the caller ID

If the phishing attempt comes by phone, like the American Express phishing attack, do not go by what you saw on the caller ID. It is easy to change the phone number or screen name to say anything the scammer wants, such as “IRS” or “County Sheriff’s Dept.” If you receive a phoned attempt at getting you to verify your identity or make some kind of payment, hang up and contact the company directly using a phone number you have located yourself.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

What It Is

Scammers are looking to cash in on the buzz surrounding the Equifax data breach, specifically the ability for consumers to check their data and file a claim if they were affected.

Who It Is Targeting

Any consumers who may have had their information stolen in the Equifax breach could be at risk of an Equifax settlement scam, but scammers may also seek out people who were not affected in order to sell them protection products.

What You Need To Know

Equifax is one of the three major credit reporting agencies, and they were breached in 2018. More than 147 million consumers had their complete identities stolen by hackers. Now, Equifax has launched its settlement website where you can find out if your information was stolen, file a claim for compensation and apply for credit monitoring. Equifax settlement scammers are capitalizing on the buzz surrounding this new website and have already targeted victims.

What You Should Do About It

  • Make sure you are only using legitimate websites for this process, namely the FTC’s site and EquifaxBreachSettlement.com.
  • You do not have to pay anything to file a claim, look into your data, receive credit monitoring services or otherwise participate in this settlement.
  • Never verify your information for someone who contacts you and offers to find out if you have been affected.
  • Never hand over your Social Security number to someone who contacts you in any way.

Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

Christmas shopping is better when you save a bundle, but this fake Costco coupon is definitely a scam.

Who Is It Targeting: Costco shoppers

What Is It: Coupon scam

What Are They After: There are several different ways scammers can benefit from a coupon scam. They may be gathering your email address and access to your social media friends list in order to sell the information to spammers. They may also be generating revenue from click advertising by getting you to answer screen after screen of survey questions. More harmful cases may actually install malicious software on your computer by getting you to first download a bogus “coupon installer” to print your coupon. Costco is the latest company to issue a warning to social media users: they are not giving away a $75 coupon online.

How Can You Avoid It:

  • Never click a link that someone shares with you unless you were specifically expecting it.
  • Generate a free “throwaway” email address for online offers so you aren’t sharing your real email address with spammers.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from IDTheftCenter.org


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

Tech support scams have infiltrated Apple mobile devices.

Who Is It Targeting: Apple device users

What Is It: Phishing email that lures you into calling “Apple Care” for phony tech support

What Are They After: Tech support scams certainly aren’t new, but the way they manifest has been evolving to keep up with the latest consumer products. A new scam tries to convince you that your Apple ID has been compromised; when you click the link in the email from your phone, it even tells you that your Apple account has been locked due to fraudulent activity. When you call the phone number—which pops up in a very Apple-looking “call or cancel” box—you’re directed to give the tech support person access to the mobile device. From there, the individual installs malware that steals money from your associated accounts or online bill pay.

How Can You Avoid It:

  • If you receive a warning message, don’t click or call!
  • Instead, exit out of the message and go directly to that account yourself.
  • Look around, and contact support if you still think there might be something wrong.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here.

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

In the “gig economy,” there are lots of legitimate ways to make extra money but this scam is targeting ride-share drivers.

Who Is It Targeting: Freelancers, gig economy workers

What Is It: Phishing email

What Are They After: This scam appeared as an email in an ITRC staffer’s inbox. It offers the recipient the chance to earn mega-bucks on the side as an Uber driver, but the email is so ridiculously bad. It’s literally a photo of an actual email from ride-hailing service Uber, pasted into another email that definitely doesn’t come from Uber. Clicking any of the associated links could install harmful software on your computer, and at the very least, interacting with the sender could lead to identity theft.

How Can You Avoid It:

  • If you’re looking for a job, avoid the scammers and go directly to the source.
  • Gig economy and freelance work is definitely available, but you have to play it safe.
  • Avoid scams by thoroughly investigating any opportunity before sharing sensitive information or financial data.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here.

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The internet is a great resource for the online job hunt, but it’s also riddled with scams.

Who Is It Targeting: Online job seekers

What Is It: Bait-and-Switch check-cashing scam targeted at job seekers

What Are They After: The internet is a great resource for finding new job opportunities, but you have to play it safe. One woman posted her resume online at a well-known employment site and was contacted immediately with an offer. Unfortunately, scammers patrol these online job sites (Indeed, Glassdoor, LinkedIn) and other sites, looking for their next victim. She lost several thousand dollars to a check scam in which she was told to cash a check and use it to buy iTunes gift cards for the “employer.”

How Can You Avoid It:

  • When looking for a job online, be very careful about vetting the source.
  • Never submit your highly sensitive information during the application process.
  • Never accept a check that you must cash before returning some money or buying an item; let the check clear before you take any action.

Remember, a common form of identity theft involves employment. It happens when someone accesses your personally identifiable information and uses it to get their own job but under your name. Are you working two jobs but don’t know it?

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from WKRN.com.

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Be careful of the “good deals” you can find on social media marketplaces. Individuals are falling for Facebook ad scams.

Who Is It Targeting: Social Media users

What Is It:  Phishing emails that offer items for low prices

What Are They After: One woman learned the hard way that Facebook ads for incredible deals are easy to fake. After she found a massage chair for a very low price, she was redirected to a different web page where she inputted her personal details and credit card information. Fortunately, her bank reached out to her shortly after: her credit card information had been used in another country to make a purchase worth several thousand dollars. When she confirmed that she had not made that purchase, the transactions were canceled.

How Can You Avoid It:

  • Make sure all of your online shopping is only with reputable retailers.
  • Monitor all of your accounts very careful to watch for fraud.
  • Of course, always be mindful of the information you put out about yourself on social media.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from CBS12.com.

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Individuals have recently reported to the Identity Theft Resource Center that scammers are requesting a new payment method through AmEx prepaid card when targeting victims.

Who Is It Targeting: Social Media users

What Is It:  Phishing scams that demand untraceable payment methods

What Are They After: Now that word has gotten out about not paying your “taxes” with iTunes gift cards or wiring money to an alleged kidnapper via Western Union, scammers have started demanding payment via prepaid cards from recognizable financial institutions like American Express. They insist on a prepaid card because your bank cannot cancel the transaction if it turns out to be fraud. One victim who contacted the ITRC was instructed to put the fee on a prepaid AmEx card in order to apply for a “government grant;” the fraud came to her through a Facebook friend’s account.

How Can You Avoid It:

  • There is no legitimate reason that you will be required to make a payment via an untraceable method.
  • If the company is able to accept a prepaid Visa, Mastercard or AmEx card, they will be able to accept your credit card.
  • Never agree to make a payment through an untraceable method without checking out the situation completely.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. 

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Never open a new account for someone who sends you a check.

Who Is It Targeting: Typically targets online dating or romance contacts

What Is It: Scam that steals money from your account

What Are They After: This scam most often affects people who connect via online dating sites or accept friend requests on social media. After gaining your trust, the scammer sends you a blank check and tells you to fill out the amount. You’re instructed to deposit the scammer’s check in your own bank account, then use the money to open a new account in the scammer’s name as a favor to the scammer (who obviously has some very good excuse as to why they can’t open the account themselves). Once you transfer the money from your account to the new account, the scammer takes that money and disappears, and the check you originally deposited bounces for insufficient funds. The money in this scenario came straight out of your bank account and is gone for good.

How Can You Avoid It:

  • Be very careful of the things an online friend or love interest asks you to do.
  • Never open a new account on someone else’s behalf if you are not directly related to the person.
  • Never take money out of your account to give to someone else without waiting to see if their funds cleared their banks.

 


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from WMTW.com.

Following news of a large-scale data breach, scammers may contact you to get even more information.

Who Is It Targeting: Payment card holders

What Is It: Phishing scam that steals further information after a data breach

What Are They After: Police in Tallahassee have warned the public about a new scam that cropped up after the Jason’s Deli data breach. Scammers are contacting affected consumers and posing as fraud investigators, employees of the victims’ financial institutions, and more, all trying to gather even more information in order to commit identity theft. By asking you to verify your account information, the security code on the back of your stolen credit card, or other highly sensitive information, they can then steal your identity and use the payment card that was impacted in the data breach.

How Can You Avoid It:

  • Never give your information to someone who contacts you out of the blue, regardless of the story they provide.
  • Instead, take their information and contact the company directly using a verified phone number.
  • Do not simply call a phone number they provide as it could lead right back to the scammers.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from WTXL.com.