Amex Chase Users Targeted In New, Clever Phishing Campaign – Email Security Expert Commentary

By   ISBuzz Team
Writer , Information Security Buzz | Feb 13, 2020 02:28 am PST

A new phishing campaign involves scammers sending fake Chase and Amex fraud protection emails asking users if the listed card transactions are valid. Victims who click the “no” button in the message to dispute the transactions will be redirected to a fake yet legitimate-looking Chase or American Express login site where they will go through a fake verification process that invites them to enter their username, password, birth date, social security number, as well as their bank and credit card information.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Peter Goldstein
Peter Goldstein , CTO and Co-founder
February 13, 2020 10:33 am

The latest scam targeting Chase and American Express customers demonstrates how effective impersonation techniques can be in phishing attacks. In fact, 83 percent of phishing emails are brand or company impersonations. Playing on Chase and Amex users’ fears of someone abusing their credit card information, victims are more inclined to fall for the bait and input their highly sensitive information in a fake verification process. Doing so would allow cybercriminals to commit identity theft on the victims or sell their information in dark-web marketplaces.

As threat actors become more adept at crafting emails that are indistinguishable from legitimate ones, we must focus on validating and authenticating sender identity. With email, this can be accomplished by properly enforcing DMARC, a widely-accepted open standard that ensures only authorized senders can use your domain in the From: field of their email messages.

Last edited 4 years ago by Peter Goldstein

Recent Posts

Would love your thoughts, please comment.x