Superficially, this phish looks convincing. A lot of us shop at amazon.com using an American Express card. Oh, no! We’re in trouble! Only if any of us click any of the links in this message.
Look at this message for about 10 seconds and it becomes apparent that it’s just another rotten phish.
- Sent to a list of addresses. Real banks and credit card companies do not do that. They know that it’s a security breach to expose customers’ email addresses to other customers.
- Bad links: hover your mouse over either of the two links in the message body that allegedly go to an American Express site. As the screen shot below indicates, they will take you to an identity-harvesting site. Actually, three of the links in the footer will also take you to non American Express Web sites.
- Message content: Do not click any links in this email message. If you are an American Express customer, instead, in your web browser, go to the standard credit card site where you usually log in, log in there, and look for a secure message to you from your credit card company.
Even though this phish has the stolen logos and a serious looking footer, if you just pay attention for a few seconds, you’ll draw the proper conclusion: Just delete the message!
Click the image to see a larger version of this phish.