Unusual Activity American Express Card
Another American Express phishing campaign hit the ether over the last two days. This one informs the recipient that “unusual activity” has been detected on their American Express card. Naturally, the recipient can resolve the situation. All they need do is click on one of two links contained in the email. It is a scam.
A screenshot of one of the emails we received is shown in Figure A. The crafters of the email have used some American Express branding, though the overall look of the email is somewhat untidy. The subject line used in the email is “Unusual activity in your American Express card”. The sender appears as “American Express”. The subject line of the email is also used as a heading in the body of the email. The greeting used is “Dear Customer”. Two links are present in the email. These both link to the same website. Standard notices are used at the foot of the email.
The purpose of the email is to alert the recipient to possible fraudulent use of their American Express card. The email specifies the date and time this so-called illegal use occurred. The time specified varies from email to email. However, it does correspond to GMT+01. The email recipient is advised to either view account activity via a button with the text “VIEW ACCOUNT ACTIVITY” or to logon to the second link. The second link uses the anchor text “americanexpress”. This is an attempt to add authenticity to the email. The email’s parting line tells the user that “your prompt response regarding this matter is appreciated”.
As we mentioned, the email has an untidy feel to it. Aside from that, there are two other signs that the email is false. Firstly, the greeting is generic. American Express will address you in the name the account is held. The second sign are the links. They lead to a copy of the American Express site, not the real American Express site. The copy is a phishing site. This is a malicious email, and can be deleted.