Severity
Medium
Analysis Summary
A new type of phishing campaign is targeting American Express card users. In these incidents, attackers send a hyperlink as part of a phony account update to obtain the victim’s credentials and other account details.
What makes this phishing attack different is that instead of using a hyperlink to send victims to a malicious landing page, this scheme deploys an embedded “base href” URL to help hide the true intent from anti-virus and other security tools. The attackers behind this phishing campaign also sought out as many American Express users as possible and did not discriminate between corporate users and consumers. The attack targeted users of four types of American Express accounts: actual credit cards, membership reward accounts, merchant accounts and American Express @Work accounts.

Impact
- Credential theft
- Exposure of sensitive information
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links or open attachments sent by unknown senders.

