It seems the recent Home Depot phishing scam has been reproduced using American Express as the new vehicle.
This authentic-looking email tries to direct us to what appears to be American Express’s website so we can log in and check our account activity. It claims that AmEx noticed recent activity on your card, and it provides a random recent date in the hopes that cardholders will not remember using their cards and thus feel compelled to check their statements for “suspicious activity.”
Conveniently, the email also warns us that there’s no need to call AmEx. It’s as if doing so would reveal a scam of some kind…
When we hover over the links, however, we see that they all point to “awerikan-express.com/americanexpress.” Phishers often rely on visually similar URLs to trick you into a sense of security.
It turns out that “awerikan-express.com/americanexpress” is a pretty good replica of the actual American Express website, americanexpress.com. It uses actual images and text from the legit AmEx site, and it provides a nice, obvious location for you to input your account information.
We’re not sure if anyone at UD has fallen for this one yet, but we advise all students and staff to only log in to websites after they have checked the URL and verified that they are in fact on the correct page. And always check the links before you click!
