Amex Chase Users Targeted In New, Clever Phishing Campaign – Email Security Expert Commentary

A new phishing campaign involves scammers sending fake Chase and Amex fraud protection emails asking users if the listed card transactions are valid. Victims who click the “no” button in the message to dispute the transactions will be redirected to a fake yet legitimate-looking Chase or American Express login site where they will go through a fake verification process that invites them to enter their username, password, birth date, social security number, as well as their bank and credit card information.

Peter Goldstein, CTO and Co-founder
InfoSec Expert
February 13, 2020 10:33 am

The latest scam targeting Chase and American Express customers demonstrates how effective impersonation techniques can be in phishing attacks. In fact, 83 percent of phishing emails are brand or company impersonations. Playing on Chase and Amex users’ fears of someone abusing their credit card information, victims are more inclined to fall for the bait and input their highly sensitive information in a fake verification process. Doing so would allow cybercriminals to commit identity theft on the victims or sell their information in dark-web marketplaces.

As threat actors become more adept at crafting emails that are indistinguishable from legitimate ones, we must focus on validating and authenticating sender identity. With email, this can be accomplished by properly enforcing DMARC, a widely-accepted open standard that ensures only authorized senders can use your domain in the From: field of their email messages.

Information Security Buzz
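
The comment above recommends properly enforcing DMARC. The following is an added example, not part of the original article or the expert's comment: a small Python audit of the TXT record a domain publishes at `_dmarc.<domain>`, reporting why it does or does not stop mail that fails authentication. The function names and the sample records are constructed for illustration.

```python
# Added example: audit DMARC TXT records (RFC 7489 tag=value syntax) for enforcement gaps.
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # v=DMARC1 must be the first tag
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def enforcement_gaps(txt):
    """List the reasons a record does not fully protect the From: domain."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no valid DMARC record: receivers apply no policy"]
    gaps = []
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        gaps.append(f"p={policy or 'missing'}: monitoring only, spoofed mail is still delivered")
    # sp= covers subdomains and inherits p= when absent
    sub_policy = tags.get("sp", policy).lower()
    if policy in ENFORCING and sub_policy not in ENFORCING:
        gaps.append(f"sp={sub_policy}: subdomains can still be impersonated")
    # pct= is the share of failing mail the policy is applied to (default 100)
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # assumption: an unparsable pct falls back to the default
    if policy in ENFORCING and pct < 100:
        gaps.append(f"pct={pct}: policy applied to only part of failing mail")
    return gaps

# Constructed sample records (not taken from any real domain)
SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "enforced": "v=DMARC1; p=reject; adkim=s; aspf=s",
    "not_dmarc": "v=spf1 include:_spf.example.com -all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, enforcement_gaps(record) or "enforced")
```

An empty list means the record applies quarantine or reject to all failing mail for the domain and its subdomains; it does not check that the domain's own SPF and DKIM are set up so legitimate mail passes.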