AMEX phishing scam 2

Here’s another phishing scam I received today…

Subject line: “Unusual Activity Detected”

AMEX phishing scam

Wow, they love me. This one seems a bit more well crafted than the last one but let’s take a look…

  • In this line: “For your safety, Your American Express account has temporarily been suspended due to missing/unverified contact information.” the word “your” should not be capitalized, so there’s some bad grammar already.
  • The English here is suspect, too: “Your account access will be fully restored immediately after update.” – After update?
  • The words capitalized here shouldn’t be capitalized: “Thank you for your Card Membership,” See? It pays to know capitalization rules. Countries where English isn’t their first language get it wrong. At large companies, they have Copywriters and Proofreaders that check for these things.
  • This takes guts: “To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing .” but, what’s that? A space before a period. Nope, that wouldn’t pass a Proofreader.

The email address is not from AmericanExpress.com and what’s with that random colon hanging out at the top?

AMEX phishing scam 2

Links are SendGrid, not American Express:

AMEX phishing scam 3

And look where I’m taken… this is a total phishing website:

Fake AMEX login page

The title of the page is this, which looks totally Indian:

American Express : Online Services : Log in

In the US, we don’t use colons to divide things like that. They do that in India.

This looks a LOT like a real AMEX login page… but it’s not. I would not enter my info there.

Here’s the URL where I was sent:

https://uaitracker.com.br/wordpress/wp-admin/face2/AMEXFRESH1/home/?cmd=www.ssaonline-account-service.com-update_submit&id=dd4cbcfb465aa079c2ad76d5a47d764ddd4cbcfb465aa079c2ad76d5a47d764d&session=dd4cbcfb465aa079c2ad76d5a47d764ddd4cbcfb465aa079c2ad76d5a47d764d

Note: I tried to email an email address I found on this website but the email bounced and I could not contact them. I did forward it to spoof@americanexpress.com so they can try to contact the site owner. If you get these emails, please do the same.

This was a scam… a phishing scam for sure.

What to Do

Well, I hope my examples here help. This is terrible.

You should, of course, just delete these kinds of emails.

When websites get hacked, this is what happens. This is a WordPress website and I would bet just about anything they don’t have their WordPress software (core software, themes, and plugins) up to date. Hackers go after easy targets like this and the skip the websites that keep their software up to date. I’ve seen it so many times with the websites we do maintenance on.

How to Block Phishing & Adult Sites in Just 5 Minutes And, I’ll be honest, what I recommend to help with phishing scams did not work this time. I do, however, include some resources to help you identify scam or phishing emails.

The problem is, these fake sites pop up all the time. They might be up for a day and then they’re gone.

Check out the book I wrote: “How to Block Phishing and Adult Websites in Just Five Minutes” and you’ll also get the extra resources to help you in these situations.

LEAVE A REPLY

Please enter your comment!
Please enter your name here