I got an email from American Express saying that I hadn’t logged into my account in a while and asking me to verify my info. Seems suspicious. How can I tell if it’s legit?
I don’t even need to see the email to definitively answer that it’s not legitimate and that it’s a scam, probably what’s known as a “phishing” attack. This is a form of attack where criminals try to trick you into revealing personally identifiable information, credit card numbers, login credentials or similar. What’s worse is that they can be ridiculously well done and, at their worst, almost indistinguishable from the real Web site or service.
The American Express (AmEx) email you forwarded along isn’t quite that well done, but the bad guys have clearly spent some time trying to do something that will fool some of the people some of the time. And all too often, that’s good enough if you’re sending it to a million people or more, right? The real answer to any of these threats, therefore, is to have a high degree of skepticism about any email that tells you that you need to click on a link or button.
But let’s dig into this email a bit too…
It looks legit at first glance, but there are warning signs here. First, AmEx isn’t going to send an email to “Recipients”: it’d be to you explicitly. There’s also a grammatical error in the first paragraph: “you have not login your account in a while” should be “not logged in”, of course. But let’s say that you missed all the clues and moved your cursor over “this link” in the middle of the message.
Here’s what you’ll see in most decent email programs, a preview of the link:
You should all-stop here. There is zero chance that American Express is using a site called “nicatel.net” for anything related to your account, let alone a page that’s pretty clearly hidden on an unwitting server as part of the phishing scam. 🙁
But hey, you’re moving fast and so you actually do click on the link. Here’s what you’ll get after a few redirect bounces:
Looks completely legit, right? Except, no. Look more closely at the address bar. In Google Chrome, at least, it’s warning you that this site is Dangerous, which should indeed be another warning flag. Oh, and that you’re on “tysonn.com” rather than “amex.com” or similar is a bit troubling too, right?
As with most of these phishing sites, you can enter literally any bogus, made up values to proceed through if you’re curious, so that’s what I’ll do. A bogus user ID and password and here’s the next thing that the bad guys want me to share:
Points for not just asking for your credit card number, but that would be easy for them to obtain if you gave them legit password and account ID information: it’s the additional secret numbers that need to stay secret. Just so not a good idea; if you ever encounter a request for this sort of information, it’s critical that you carefully analyze all the clues to ensure that the page is legit and from the organization you believe you’re interacting with. If not, well, that’s how people get ripped off.
And, finally, enter random junk here, click “Continue” and as the final step, the scammers drop you onto the real American Express site so you can log in again. Or, more likely, just jump to a different task without even really thinking that you just compromised your Amex card in a really egregious way.
The moral of this story? BE DARN CAREFUL. Really. The bad guys are getting pretty sophisticated. If you do get an email and you’re not sure if it’s legit, then go to your Web browser and type in the URL of the service that seems to have sent the email. Log in, and check for messages. If there aren’t any notifications, updates or messages, then you just sidestepped a scam. Well done.