Knowing full well that American Express is the credit card of choice for many professionals, cyber criminals are targeting AMEX customers in a wave of convincing phishing emails. The emails appear to be from AMEX, state that fraudulent activity has been detected on the recipient’s card, and provide a link for the user to update their information. The link actually leads through a series of redirection scripts on compromised websites and eventually lands the user on a website that has the outward appearance of a legitimate AMEX website. This site’s sole purpose is to collect critical personal data such as your Account ID, Social Security Number, and Mother’s Maiden Name, which will shortly be used to perpetrate some actual account and identity theft.
What this means for you:
By now you should naturally be suspicious of any emails that show up in your inbox asking you to reset your credentials, especially if you did not explicitly perform a password or credential reset. Rolling over the links in the emails will show you the destination URL, and if the link isn’t one you recognize, stop right there and trash the email. Even if the URL looks legitimate, don’t use the link in the email. Go to your credit card website by manually typing in a URL that you know is good. Not sure what the URL is? Look for one printed on the back of your credit card, or failing that, just call the customer service number via phone. As a rule, credit card companies and banks will notify you via phone of suspected fraudulent activity, so emails like this should always be viewed with a healthy amount of skepticism.
Malicious agents continue to use increasingly sophisticated email templates to fool victims into installing malware on their computers. Most recently, people have been falling prey to an email that appears to be from Dropbox.com, a very widely used cloud storage website. The email uses Dropbox artwork and is kept short and to the point: it warns the user that they need to change their password and provides a link (which, of course, leads to a hijacked website). Adding to this email’s apparent credibility is the fact that Dropbox has engaged in this very same practice to legitimately warn users about password changes. Couple this with the fact that it’s highly likely you have a Dropbox account, and the hook is set before you know it.
What this means for you:
Whenever you receive a warning like this, the safest way to take action is to manually type the URL of the service in question into your browser and never click links in the email, unless you are confident they don’t lead to a hijacked website. Most email clients, including web-based ones like Gmail and Yahoo Mail, allow you to roll over the links in any email and see the actual linked destination (it may take a second or two, so be patient while hovering). This matters because it’s trivial to fake the visible destination while sending you down a dark road to infection. For more tips on spotting fake emails like this one, read my previous post, “Fake Emails are Getting Harder to Spot”.
Holidays usually bring out the best in people, especially those who truly are kind-hearted and enthusiastic about the season, but it’s also an opportunity for the Grinches among us to take advantage of everyone around them. E-cards aren’t new to the internet, and may have actually waned in overall popularity since their inception many years ago, but the winter holidays usually see a spike in their usage. Internet blackhats know this trend, and ironically, it’s like Christmas for them, because they know they can trick more than the usual number of people into opening fake greeting cards that, instead of delivering cheer and love, drop a big helping of malware coal in your digital stocking.
What this means for you:
Frankly, I verge on the side of paranoia, and don’t open any digital greeting card these days unless I recognize the URL (and confirm it’s not a counterfeit). This makes me feel vaguely Scroogish, but I’d rather not spend the holidays disinfecting my computer. If you get an E-card from someone that you weren’t expecting, especially if it’s from someone you know wouldn’t send one (or they already sent you an actual physical greeting card), take a moment to contact that person to verify they actually sent it, especially if you don’t recognize the URL. Heck, it could be your opportunity to reach out to someone you haven’t spoken to in a while, and there’s no better time like the holidays to reconnect with acquaintances, right?
If you do decide to open that virtual card, make sure your antimalware is up to date, your operating system fully patched, and you have C2 Technology on speed dial!
Image courtesy of “mrpuen” / FreeDigitalPhotos.net