Posts

A new American Express phishing attack that specifically targeted American Express cardholders is unlike other attacks, according to security researchers. It contains a sophisticated method of harming the recipient that experts are not as familiar with.

Phishing attacks are nothing new. They arrive as emails, texts, social media messages or phone calls that appear to come from someone you know. It might look like your boss or co-worker, someone in your email contact list, your bank or your favorite retailer.

Each new phishing attack email has different goals, depending on what kind of ruse they are using. A fake email from your boss might tell you to change a password or send funds to a different account number, but an email from your bank might try to get you to hand over your username and password. Many phishing attacks only want the user to click a link in the email so they can be taken to a fake website where the thief steals their information. Or even worse, a link that downloads a virus to their computer.

In the case of the American Express phishing attack, the link embedded in the American Express phishing emails is two different parts. This way, the hacker can insert malicious code into the link while also confusing your antivirus software. Instead of warning you about a harmful link, your software does not recognize it as malicious.

The email itself was very typical of these kinds of attacks, namely in that it was filled with grammatical errors. Some reports have shown that the spelling and punctuation mistakes, like the ones seen in the American Express phishing attack, are intentional so that only more gullible recipients will interact with it.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things to keep in mind.

Never click a link or download an attachment that you are not expecting

If the email came from your boss, pick up the phone and verify it. If it appears to come from a company you do business with, ignore the email and go directly to their website. From there, you can see if there is an issue with your account.

Spelling matters

Companies do not send out emails or other messages with multiple errors. If you see any strange mistakes, that is probably a sign it is a fake.

Check the email address and URL

If you look very carefully at the sender’s address or the website address they have included in the message, you might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website is Citibank.card.shop.com, instead of the company’s actual web address, again, it is a fake.

Do not trust the caller ID

If the phishing attempt comes by phone, like the American Express phishing attack, do not go by what you saw on the caller ID. It is easy to change the phone number or screen name to say anything the scammer wants, such as “IRS” or “County Sheriff’s Dept.” If you receive a phoned attempt at getting you to verify your identity or make some kind of payment, hang up and contact the company directly using a phone number you have located yourself.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

Be careful of the “good deals” you can find on social media marketplaces. Individuals are falling for Facebook ad scams.

Who Is It Targeting: Social Media users

What Is It:  Phishing emails that offer items for low prices

What Are They After: One woman learned the hard way that Facebook ads for incredible deals are easy to fake. After she found a massage chair for a very low price, she was redirected to a different web page where she inputted her personal details and credit card information. Fortunately, her bank reached out to her shortly after: her credit card information had been used in another country to make a purchase worth several thousand dollars. When she confirmed that she had not made that purchase, the transactions were canceled.

How Can You Avoid It:

  • Make sure all of your online shopping is only with reputable retailers.
  • Monitor all of your accounts very careful to watch for fraud.
  • Of course, always be mindful of the information you put out about yourself on social media.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from CBS12.com.

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Individuals have recently reported to the Identity Theft Resource Center that scammers are requesting a new payment method through AmEx prepaid card when targeting victims.

Who Is It Targeting: Social Media users

What Is It:  Phishing scams that demand untraceable payment methods

What Are They After: Now that word has gotten out about not paying your “taxes” with iTunes gift cards or wiring money to an alleged kidnapper via Western Union, scammers have started demanding payment via prepaid cards from recognizable financial institutions like American Express. They insist on a prepaid card because your bank cannot cancel the transaction if it turns out to be fraud. One victim who contacted the ITRC was instructed to put the fee on a prepaid AmEx card in order to apply for a “government grant;” the fraud came to her through a Facebook friend’s account.

How Can You Avoid It:

  • There is no legitimate reason that you will be required to make a payment via an untraceable method.
  • If the company is able to accept a prepaid Visa, Mastercard or AmEx card, they will be able to accept your credit card.
  • Never agree to make a payment through an untraceable method without checking out the situation completely.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. 

Read next: Top Scams of the Year


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.