If you fall for the latest phishing attack aimed at American Express cardholders, you may not have a home left to leave. According to Strategic Revenue, “This AMEX Email Phishing Scam Wants You Homeless & Poor, With A Zero FICO Score.” Yikes.

This latest phishing scam is hitting hundreds of thousands of inboxes just in time for Christmas. According to the article, “You receive an email which appears to be from American Express, but it isn’t, it’s from some unscrupulous hacker hiding somewhere behind a computer who is looking to steal your identity.”

From a phishing standpoint, this particular attack is not overly sophisticated. It uses the standard domain name spoofing tactic and a clickable button. “After clicking on the button in the fake email, users are sent to a fake website which is designed to look identical to an authentic American Express website. A link shortening service called “Bitly” is being used to hide the long fraudulent looking site address which will be visited.

What makes this attack unique is that the fakery actually goes four webpages deep. In an effort to gain the victim’s confidence, the hackers actually created four fake webpage to steal as much information as possible, including credit card number, expiration date, 3-digit credit card security code, last four of the Social Security number, email address and password. With all that information, you probably will end up homeless, poor and with a FICO score of zero.

Just to make sure the phish is perfect, after the hackers get all your information, they redirect you to the actual American Express website where you have the pleasure of logging in again (that’s a clue that something’s wrong). If you end up there, you are truly unlucky. “You have only left to now login and see all of your ordinary information while some criminal is off to the dark-net web to distribute and sell your most secure personal information.”

It may not be a sophisticated attack, but some people will fall for it and their lives will be ruined. With the technology available today, there’s no need for anybody to be a victim of this kind of identity theft.

For pennies a day per user, Phishing Protection from DuoCircle can keep you and all your employees safe from phishing attacks. It sets up in minutes, doesn’t require and hardware or software, and with real-time click protection, you can be assured that no matter how sophisticated the phishing attack, you’ll be protected.

Try Phishing Protection today risk free for 30 days. It’s trusted by thousands of companies and comes with the best 24/7 live technical support in the industry.

Pin It on Pinterest

Share This