Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, has released its latest findings that reveal the intricate directives of a new phishing attack where hackers take advantage of the reputable multinational credit card service company, American Express, in an attempt to steal confidential information.
How it works: A spoofed email resembling a legitimate notification email from American Express was sent to about 16,000 recipients of a nonprofit organization. The email contained an attachment informing end-users that account verification was mandatory and, if not addressed, would result in suspension. Contained within the email attachment message, the provided link led users to a fake American Express-branded landing page where login credentials would be rendered.
You can read their findings here.