Scam Alert – Fake American Express notification
Beware of scammers trying to use phishing tactics like security notifications to lure you into clicking a malicious link
The whole “there’s something horrible about to happen if you don’t click this now” scam is nothing new, but the scammers are getting really good at making their bait look legit. I received an email earlier today, reportedly from American Express, and thought that it would be a good example of what to look for. Some interesting things to note:
- The email looks legitimate. It has the American Express logo, mailing addres, etc., but doesn’t include a telephone number.
- The link, even though the text presented to the victim says http://americanexpress.com, the actual link (e.g., where you’re going) is http://amelican-excress.com/americanexpres . The domain name amelican-excress.com is registered to a Chinese company with a bunch of bogus information in the whois database.
- The message is subtle and doesn’t try for that ’emergency’ response that so many scams go for.
If you get an email from your bank, credit card company, cable company, etc., never click on the links embedded in them, even if you believe that they are legitimate. Instead, contact the vendor by phone or, if the email says to go to their website (like this one does), type the URL (web address) into your browser directly rather than clicking on the link.