Did someone just try to PHISH Me?

I want to start with a personal story. Last week, I received this very realistic (and sneaky) email from what I thought, on initial inspection, was American Express.

I saw the AMEX logo and a gold card that looked quite similar to my card (although, on second thought, my card was platinum).

The message: someone from China had attempted to use my account!

How terrible! I need to take action now! Those were my initial thoughts (and I’m sure I wouldn’t have been alone!).

Even the wording seemed somewhat plausible for AMEX to send. But the details weren’t quite right. And the scary part is that THE DETAILS ARE REALLY EASY TO OVERLOOK when you’re emotionally reacting to a possible hack into your credit card, bank account, or any other login! I was reacting emotionally to the email and wanted immediate action taken to ensure everything would go back to normal.

But as the irrational emotions started waning and my IT head started to come back to life, I asked myself, is this for real?

Here are the gritty details that are WRONG with this AMEX email:

  1. Email address—while American Express is indeed listed, notice that it is NOT quite right. On a quick glance, my eyes overlooked that the address was from american@express.com, NOT americanexpress.com. The sender address is probably the easiest way to ID whether someone is trying to trick you. More often than not, scammers are tricky, but not impeccably so. URLs are likely to be slightly different from the real address. If you see anything suspicious in the sender address, don’t trust the message!
  2. Dear Card Member—normally, companies address you personally in some way. They use email blast services that send more personalized messages. An email that simply addresses “Customer” or “User” is a little bit suspicious.
  3. Account numbers—typically, businesses will mention a user name, but account numbers aren’t always used, especially in the header of the message.
  4. Links within emails—should NEVER be clicked to sign into your account. I’d prefer you not click on links in emails you aren’t expecting from a bank, credit card, or other business with which you hold accounts. Rather, log into your account by entering the URL of the business in your browser. You never know where you’ll be taken when you click on a link! It may be a landing page similar to your bank’s, where someone is stealing your credentials. OR it might take you to an infected website that is trying to spread CryptoWall onto your computer.
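
The sender-address check from item 1 and the link check from item 4, sketched in Python as an added example (it is not part of the original post). The `BRANDS` allow-list and every sample value other than american@express.com are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list: brand keyword -> domains that brand really uses.
BRANDS = {"americanexpress": {"americanexpress.com"}}

def squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def is_legit(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_sender(from_header):
    """Return findings for a From: header value (empty list = nothing odd)."""
    display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ["sender address could not be parsed"]
    domain = addr.split("@")[1]
    findings = []
    for brand, domains in BRANDS.items():
        if is_legit(domain, domains):
            continue
        if brand in squash(display):
            findings.append(f"display name claims {brand}, domain is {domain}")
        # Catches the brand spelled across the @ sign or buried in a longer domain.
        if brand in squash(addr):
            findings.append(f"address imitates {brand}: {addr}")
    return findings

def check_links(body):
    """Flag URLs whose host mentions a brand but is not one of its domains."""
    findings = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        for brand, domains in BRANDS.items():
            if brand in squash(host) and not is_legit(host, domains):
                findings.append(f"link host imitates {brand}: {host}")
    return findings

if __name__ == "__main__":
    # Constructed header using the sender address described in the post.
    for finding in check_sender('"American Express" <american@express.com>'):
        print(finding)
```

A clean result only means these two checks found nothing; it does not prove the message is genuine.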

Bottom Line: Better to be safe than sorry. Remember to take a deep breath and critically evaluate URGENT emails before acting. And when you decide to act, don’t click on links or take actions suggested by the email without first calling a published number to verify the email was legitimate.

If you have ANY questions about security or you need a SMART firewall to prevent phishing attacks and hacks from penetrating your business, contact Ben today to learn what you can do to avoid scams!