Reader Mike sent me a note saying that he received a convincing looking phishing e-mail, I thought it was worth a reminder to be careful of these types of scams. The scam they received was an e-mail pretending to offer 150,000 points on a Hilton American Express card. The scammers used the same subject line that American Express usually uses for this type of offer and the same creatives.
The key differences/things to look for are:
- Sender e-mail, in this case this was not from American Express but from a junk e-mail address (e.g [email protected]). The sender e-mail can be spoofed, so this isn’t fool proof
- The e-mail was entirely pictures rather than pictures and text. Scammers often do this to try to avoid tripping any automated spam filters.
- Link didn’t go to an American Express domain name. When you apply for an American Express card you want to make sure the domain name is americanexpress.com. In this instance it redirects you to the scammers domain name so they can get all your sensitive information. On google chrome next to the URL it will also show if a site is secure and who it’s registered to. In the case of American Express it shows that it’s a secured domain and that it’s registered by American Express. The phishers domain name showed as unsecured.
These scams aren’t limited to American Express, scammers will try this type of thing using any well known brands. If an offer is too good to be true, it usually is. In this case they just made they actually made the offer the same as the standard increased bonus which made it more believable. Before entering any sensitive and private information please make sure you’re entering it where you want to and aren’t being scammed.
I’m sure readers also have some good tips on what to look for. Share them in the comments below.