Knowing full well that American Express is the credit card of choice for many professionals, cyber criminals are targeting AMEX customers in a wave of convincing phishing emails. The emails appear to be from AMEX stating that fraudulent activity has been detected on the recipient’s card, and provides a link for the user to update their information. The link actually leads through a series of redirection scripts on compromised websites and eventually lands the user on a website that has the outward appearance of a legitimate AMEX website. This site’s sole purpose is to collect critical personal data such as your Account ID, Social Security Number, Mother’s Maiden Name which will shortly be used to perpetrate some actual account and identity theft.
What this means for you:
By now you should naturally be suspicious of any emails that show up in your inbox asking you to reset your credentials, especially if you did not explicitly perform a password or credential reset. Rolling over the links in the emails will show you the destination URL, and if the link isn’t one you recognize, stop right there and trash the email. Even if the URL looks legitimate, don’t use the link in the email. Go to your credit card website by manually typing in a URL that you know is good. Not sure what the URL is? Look for one printed on the back of your credit card, or failing that, just call the customer service number via phone. As a rule, credit card companies and banks will notify you via phone of suspected fraudulent activity, so emails like this should always be viewed with a healthy amount of skepticism.
The new tradition of Black Friday (and Cyber Monday) shopping online has not only caught on with bargain hunters hoping to avoid crowds and early-morning lineups, it has also caught the eye of the digital criminal element as well, who will be counting on naive (and not so naive) shoppers clicking on links to dodgy sites that instead of delivering amazing deals, will end up costing unwary shoppers hunters more than they bargained for.
It is believed that various cybercriminals will attempt to lure victims into clicking links promising deals too good to pass up, either delivered via email, or posted on the various bargain/coupon code websites that are scattered across the internet. Once you click a link to a site that is handing out malware instead of savings, your machine is likely to get infected with one of the hundreds of variants of malware, all with the express intent of, wreaking havoc on your holiday weekend (and beyond), extoring money out of you via ransomware demands, or worse still, lying dormant and undetected on your computer until you start typing in sensitive information, like the password to your banking website and email account. Once that happens, you are only clicks away from identity theft and probable financial damage.
What this means for you:
Common sense and caution are your best defenses, but you should also observe the following:
- Have updated and working antivirus software from a well-known manufacturer.
- Only click links to websites that you recognize – make sure the link you are clicking isn’t being spoofed.
- Can’t confirm a website, or not familiar with the source? Google the domain name – the real domain name, to see if virus/hoax reports have been associated with that domain.
- If the deal sounds too good to be true – it probably is. Call the store to confirm the deal if in doubt. Talk to a human.
- Still can’t confirm? Proceed with extreme caution at your own risk. Is the deal really worth the risk of your security being compromised?
Image courtesy of “digitalart” / FreeDigitalPhotos.net