Email Address Updated Says Phishing email
A notable first for us at MailShark this morning: the first major email campaign that targets American Express users. We have seen more desultory type campaigns, but this is the first concerted attack. Aside from that, this phishing email is interesting in another aspect. The email says “Email Address Updated” and goes on to thank the user for performing this non action. Read on and we will delve further into this deception, and it is a deception. The email is definitely not from American Express.
As you can see from Figure A, and as stated above, the email thanks the recipient for updating their email address. (We have blacked out the email address used in the body of the email.) The email uses the subject line “Email Address Updated”. The sender of the email is listed as “AmericanExpress”. American Express type branding is used as part of the email. The greeting used in the email is “Dear Cardholder”. The email signs off as “American Express Customer Service”. The bottom of the email has standard notices, including a copyright type imprimatur. There are three links in the email. These all appear in the body of the email, and all link to the same website.
As the email states, the recipient has (apparently) recently updated their email address. The email goes on to explain that the recipient can change their email address at any time by clicking on the link. The email also informs the user that they can click on a link to stop receiving alerts. Finally, feedback can be given on the email by clicking on the third link.
This email is using social engineering in an attempt to fool the recipient into clicking on a link. The idea is to imply that someone other than the recipient has changed the recipient’s American Express email address. The criminals are hoping that the recipient will be alarmed by the prospect of someone hacking their American Express account. Unfortunately, this email is not from American Express. Checking the three links shows that they all lead to the same malicious phishing site. This site is set up to steal user details, including their America Express card numbers. Delete this email if you receive it.