cancel
Showing results for 
Search instead for 
Did you mean: 

Amex customers targeted in Phishing attack

tag
dynamicvb
Valued Contributor

Amex customers targeted in Phishing attack

If you have an Amex might want to read this one.

 

https://www.bleepingcomputer.com/news/security/american-express-customers-targeted-by-novel-phishing...

 

 

Started Rebuild 4/2018: EX 616| TU 604| EQ 621

Current 5/28/20:


First Goal Score: 750+ Reached 3/2019

Next Goal all over 800
Message 1 of 11
10 REPLIES 10
OmarR
Established Contributor

Re: Amex customers targeted in Phishing attack

It's sad that people still click on links from unsolicited emails.

 EQ=850   EX=845   TU=843       0/24       UTIL=$1    AZEO

Message 2 of 11
Marz2002
Senior Contributor

Re: Amex customers targeted in Phishing attack


@dynamicvb wrote:

If you have an Amex might want to read this one.

 

https://www.bleepingcomputer.com/news/security/american-express-customers-targeted-by-novel-phishing...

 

 


Here's the HOOK - "The malicious mail "asks the would-be victim to verify his or her personal information 'Due to a recent system maintenance' and says that failure to comply would lead to a 'temporary suspension' of the account," says the Cofense report." Smiley Sad

AMEX BCP $8K | AMEX Cash Magnet $15K | Citi DoubleCash WEMC $15.2K | Citi Rewards WMC $15.5K | Citi Costco VS $12K
Citi Custom Cash WEMC $7.8K | Synchrony (PayPal Credit $6K, Care Credit $15K, & PayPal 2% MC $10K, VENMO VS $6.5K)
PNC Cash Rewards VS $10.5K | NFCU cashRewards VS $14K | NFCU More Rewards AMEX $37.5K | NFCU Flagship Rewards VS $23K
Discover IT $22.5K | BB&T Cash Rewards $4.5K | Macy's AMEX $25K | Bloomingdales AMEX $20K | Apple Card WEMC $9K
PenFed Power Cash Rewards VS $7.5K

Total CL - $284K+
Message 3 of 11
Marz2002
Senior Contributor

Re: Amex customers targeted in Phishing attack


@OmarR wrote:

It's sad that people still click on links from unsolicited emails.


Actually, it's quite easy to get caught in the trap if, for example you are traveling, BEHIND schedule, and trying to keep up with a ton of emails!

AMEX BCP $8K | AMEX Cash Magnet $15K | Citi DoubleCash WEMC $15.2K | Citi Rewards WMC $15.5K | Citi Costco VS $12K
Citi Custom Cash WEMC $7.8K | Synchrony (PayPal Credit $6K, Care Credit $15K, & PayPal 2% MC $10K, VENMO VS $6.5K)
PNC Cash Rewards VS $10.5K | NFCU cashRewards VS $14K | NFCU More Rewards AMEX $37.5K | NFCU Flagship Rewards VS $23K
Discover IT $22.5K | BB&T Cash Rewards $4.5K | Macy's AMEX $25K | Bloomingdales AMEX $20K | Apple Card WEMC $9K
PenFed Power Cash Rewards VS $7.5K

Total CL - $284K+
Message 4 of 11
Anonymous
Not applicable

Re: Amex customers targeted in Phishing attack

While this one I wouldn't click on, I'd rather contact Amex directly either by their site of phone to resolve any issues.

 

However, what about adding AU's for so mnay MRs? I've clicked on those before to take advantage of the deal. After all, it does state via this email. I guess we just can't trust anything anymore.

@OmarR wrote:

It's sad that people still click on links from unsolicited emails.


 

Message 5 of 11
iced
Valued Contributor

Re: Amex customers targeted in Phishing attack


@Marz2002 wrote:

@OmarR wrote:

It's sad that people still click on links from unsolicited emails.


Actually, it's quite easy to get caught in the trap if, for example you are traveling, BEHIND schedule, and trying to keep up with a ton of emails!


Disagree. Frankly, I think it takes a willful ignorance of common sense to fall for a phishing email. For every attempt that has a modicum of thought put into it, there's 100 that would be laughed out of amateur hour at the comedy club. Even if the blatant grammatical or formatting errors get by someone, there's still a consistent framework to all of them:

 

1. They ask for information that has value,

2. They provide you with a convenient way of delivering said information,

3. They warn you of consequences for not providing the information in an attempt to instill urgency and/or fear.

 

Identifying those three items takes a second after reading an email. No reason to shirk that thinking because of schedule or location.

 

A simple rule is if an email asks you for login or financial information, do not follow links or call numbers listed in the email. Never. No, not then either. Oh, it's from a co-worker? No! Your mother? Definitely not.

 

If someone is still unsure as to whether it's legit or not, go directly to the site or call the number off their public site. That very simple step shouldn't be thrown out the window just because someone's staying in a hotel, running late, or have 15,000 emails per day coming in.

 

Fun side fact: my employer sends out phishing emails to employees on a regular basis, with consequences for those who take the bait.

Message 6 of 11
OmarR
Established Contributor

Re: Amex customers targeted in Phishing attack


@Marz2002 wrote:

@OmarR wrote:

It's sad that people still click on links from unsolicited emails.


Actually, it's quite easy to get caught in the trap if, for example you are traveling, BEHIND schedule, and trying to keep up with a ton of emails!


I always go straight to the website and navigate towards whatever I am looking for. I don't even click on the quarterly "Activate your 5% categories now!" links.

 

I agree that it's "quite easy to get caught in the trap". That's why scammers do it. And that's why you (everyone) has to stop doing it.

 EQ=850   EX=845   TU=843       0/24       UTIL=$1    AZEO

Message 7 of 11
arkane
Established Contributor

Re: Amex customers targeted in Phishing attack


@iced wrote:

Fun side fact: my employer sends out phishing emails to employees on a regular basis, with consequences for those who take the bait.


Do we work at the same company? Our IT department does the exact same thing, although the only consequence is you get treated to a page with a sad face and "uh oh". (and also the humiliation that you fell for it Smiley Sad)

 

OT: I think a really good way to add at least a line of last defense is to intentionally enter some nonsensical data and see what the sytem spits out. The genuine site will let you know you entered bad data, but the phishing site will of course say everything is ok and back to business as usual. 

Active:

Closed:


6/8/20:

Message 8 of 11
Medic981
Valued Contributor

Re: Amex customers targeted in Phishing attack


@iced wrote:

@Marz2002 wrote:

@OmarR wrote:

It's sad that people still click on links from unsolicited emails.


Actually, it's quite easy to get caught in the trap if, for example you are traveling, BEHIND schedule, and trying to keep up with a ton of emails!


Disagree. Frankly, I think it takes a willful ignorance of common sense to fall for a phishing email. For every attempt that has a modicum of thought put into it, there's 100 that would be laughed out of amateur hour at the comedy club. Even if the blatant grammatical or formatting errors get by someone, there's still a consistent framework to all of them:

 

1. They ask for information that has value,

2. They provide you with a convenient way of delivering said information,

3. They warn you of consequences for not providing the information in an attempt to instill urgency and/or fear.

 

Identifying those three items takes a second after reading an email. No reason to shirk that thinking because of schedule or location.

 

A simple rule is if an email asks you for login or financial information, do not follow links or call numbers listed in the email. Never. No, not then either. Oh, it's from a co-worker? No! Your mother? Definitely not.

 

If someone is still unsure as to whether it's legit or not, go directly to the site or call the number off their public site. That very simple step shouldn't be thrown out the window just because someone's staying in a hotel, running late, or have 15,000 emails per day coming in.

 

Fun side fact: my employer sends out phishing emails to employees on a regular basis, with consequences for those who take the bait.


Your comment that "it takes a willful ignorance of common sense to fall for a phishing email" is quite harsh when phishing is in the forefront of your mind given the fact that "my employer sends out phishing emails to employees on a regular basis, with consequences for those who take the bait." Not everyone lives in a world of paranoia and scammers try to take advantage of this. 







Your FICO credit scores are not just numbers, it’s a skill.
Message 9 of 11
iced
Valued Contributor

Re: Amex customers targeted in Phishing attack


@Medic981 wrote:


Your comment that "it takes a willful ignorance of common sense to fall for a phishing email" is quite harsh when phishing is in the forefront of your mind given the fact that "my employer sends out phishing emails to employees on a regular basis, with consequences for those who take the bait." Not everyone lives in a world of paranoia and scammers try to take advantage of this. 


How about looking both ways when crossing a street, not accepting gifts from strangers, or any of the countless other lessons we're taught as children to be safe? Are those in the forefront of your mind, or are they learned enough that you keep to them without conscious effort? Not trusting strangers, not accepting wooden nickles, caveat emptor, and a few others are all lessons that apply to phishing. If that translates to living in a world of paranoia, then everyone needs to either start living in a world of paranoia or not to be surprised when (not if) they get scammed. There is no option C.

 

My point here isn't to anger, but avoiding scams (and by association, phishing) really and truly is a basic skill we learn as children; some people, for whatever reason, choose to stop listening to those rules as adults, and that is willful ignorance. Just because we're adults now and/or everything's online doesn't mean the common sense we learned 10, 20, or 50 years ago isn't still applicable.

Message 10 of 11
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.