Latest AMEX Phishing Scam Hooks Card Holders

Payment card scams are as old as the cards themselves. Although cardholders once had to worry about the physical loss of their card, thanks to technology, the card itself isn’t needed for financial fraud anymore. Hackers use any number of tactics to get payment card account information, including your card number and PII (Personally Identifiable Information) that often includes Social Security Numbers. AMEX and other credit card holders are frequent hacking targets, with this latest AMEX scam being no different. These are classic phishing emails that deserve a closer look to keep AMEX, Visa, and other payment card holders from falling for them. Remember overall, never act on an email you’re not expecting.

In the AMEX hack, cardholders received an email–allegedly from AMEX–addressed to the “Primary Cardmember.” The address itself is a red flag because it’s generic and can be cast to catch a huge audience. Nothing specific to the account holder, such as using a name is designated by hackers. Always be suspicious of generic email addresses as they could be sent to millions of prospective victims, including yourself.

The AMEX email subject title says, “A concern that requires your action.” Hackers love to scare cardholder’s into believing something may be wrong with their account, even perhaps that their credit card details were hacked. Remember that no legitimate credit provider or financial institution will email you and ask for account details because they don’t need what they already have.

Beware of emails asking you to click on attachments, especially from a financial institution. In the AMEX hack, recipients were asked to fill out an attached form to verify their account details. The form may look very legitimate, including graphics like the AMEX logo. Look for bad grammar or misspellings–it’s a major clue the email is a phishing effort. The AMEX Security Center web page provides information on how to report a phishing email.

Don’t follow links in an email. Clicking on a link brings you to a fake website, again designed to look like the real deal. Always verify the URL by hovering the cursor over the link and check it for phishy spellings, including odd characters. Hacker’s closely match the real URL because it only takes one overlooked different letter or number to send customers to a bogus site. You can verify if an AMEX email or one from another credit company is legitimate with a phone call directly to the provider. Look up the phone number yourself and never use one that’s provided within the email, as you can be sure a hacker will be on the other end of the call.

Stickley on Security
Published May 1, 2019