Security Bytes

Dec 17 2009   11:43AM GMT

Panda warns of American Express scam



Posted by: Robert Westervelt
Tags:
email security
Phishing

Standard phishing attack targets American Express customers.

PandaLabs, the research arm of Panda Security, is warning users about a new phishing scam that attempts to trick people into giving up their American Express online credentials.

It’s a standard phishing attack. The phony email warns that American Express’ records are incomplete and asks the email recipient to complete the information. Of course, the victim will have to login to do that and the phishers have provided a convenient phony login tool.

PandaLabs’ Sean-Paul Correll:

This type of phishing campaign is the oldest trick in the book, but you can easily avoid it by knowing that financial institutions will never ask you to divulge your personal information.

While this is the standard run-of-the-mill phishing campaign, nearly every security vendor is warning about a rise in phishing attacks moving to social networks, including Facebook, Twitter and others. Most of the increase can be attributed to the link shortening services which make it easy for the bad guys to disguise a nefarious URL. ┬áThere are tools available — browser add-ons — from nearly all the browser makers to allow you to check out a URL before clicking on it.┬áThe trust factor on social networks is high too, giving cybercriminals more of an incentive to move their phishing attempts there.

As for the American Express phishing attack, I suggest you don’t trust any email messages you receive from your bank. A couple of years ago I interviewed the CISO of ING and he said that banks probably shouldn’t be sending messages containing links. But if a security professional tries to get that message across to the bank’s sales/marketing staff they come up against a wall. Email is still a valuable tool for financial firms. They’re a business, so there’s no doubt, you will get email messages from some banks. Ignore them or at the very least, type in the banks URL manually, rather than clicking the link contained in the message. Safety first!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: