Socially Engineered Phishing Attack Impersonates American Express To Steal User Credentials: Armorblox

Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, has released its latest findings that reveal the intricate directives of a new phishing attack where hackers take advantage of the reputable multinational credit card service company, American Express, in an attempt to steal confidential information.

How it works: A spoofed email resembling a legitimate notification email from American Express was sent to about 16,000 recipients of a nonprofit organization. The email contained an attachment informing end-users that account verification was mandatory and, if not addressed, would result in suspension. Contained within the email attachment message, the provided link led users to a fake American Express-branded landing page where login credentials would be rendered. 

You can read their findings here.

Leave a Reply