American Express Emails
So far today I’ve received three emails that are allegedly from American Express. Their subject line is “American Express Online Form” or “official update” or “important notification.” The message itself is the same:
Dear American Express customer,
A newly revised American Express Online Form has been issued by the American Express Customer Care Team. Please complete this form as soon as possible You can access the form at: American Express Online Form.
Thank you for choosing American Express.
Sincerely,
American ExpressTo learn more about e-mail security or report a suspicious e-mail, visit us at americanexpress.com/phishing. We are unable to answer replies to this e-mail.
Copyright 2010 American Express Company. All rights reserved.
When I got the first email, with the subject of “American Express Online Form,” I thought it sounded legitimate. But, I didn’t click through the link figuring that the next time I logged into my online account I’d search for the form. Then I got the next two emails.
Viewing the raw source code for the emails shows they have been sent from various domains: saufen.de, rha-fire.com, and roviramunoz.com. Obviously not American Express. And the links within the emails also link into variations of these domains.
I haven’t seen this particular attack before but I’m sure that many people will blindly accept that they’ve received a legitimate request from AmEx and provide these thieves with all the information they need to rob their accounts.