Businesses be warned: New American Express scam replicates secure website

A new email scam is doing the rounds, this time imitating an American Express email warning users of suspicious activity on their cards.

Uncovered by Mailguard, the email links to what appears to be the American Express website in order for users to “safeguard” their account. In reality, users are tricked into handing over their card details through what seems to be a legitimate interface.

This is the second email scam in recent weeks that has perfectly replicated a legitimate website, with an scam imitating Australia Post using up-to-date graphics and even a “Captcha” system for implied security.

This time scammers have gone one step further, registering the domain with a free SSL certificate provider in order to further imitate a secure website. SLL certificates give websites the green lock symbol next to the URL along with a “https” web address.

Any website requiring payment details or other sensitive information will almost always have a SSL certificate, indicating an encrypted connection.

However, any website can get an SSL certificate, and it does not mean the website is legitimate or that data is secure. In the past, a green lock indicated that a website was legitimate, but recent changes now allow any website to receive a free SSL certificate.

After entering their credit card information through this scam email, the user is directed back to the legitimate American Express website.

On their website, American Express offers some tips for users in spotting a fake or malicious email:

“Fake emails can often (but not always) be spotted in the following ways:

  • The sender’s email address is different from the real organisation’s website address.
  • The email is sent from a completely different address or a free webmail address.
  • The email does not use your proper name, but uses a non-specific greeting such as “Dear customer”.
  • They want you to act urgently – i.e. that unless you do something right away, your account may be closed or suspended.
  • The email contains a request for personal information such as username, password or bank details.”

Never miss a story: sign up to SmartCompany’s free daily newsletter and find our best stories on TwitterFacebook, LinkedIn and Instagram.