Endpoint Security Reading Time: 3 minutes

The Comodo Antispam Labs team has identified a new phishing threat, targeted at all businesses and consumers who use American Express cards – a phishing threat designed to try and steal IDs, passwords and credit card information. American Express has reported more than 112 million total cards in force*.

phishing scams

The fake American Express phishing email looks like an official American Express email including being from “American Express”, although the email address is not, and there are spelling and grammatical errors in the email itself. The fake email includes an attachment which is an HTML file, which upon clicking and opening has a look and feel of an actual American Express website. The purpose of this page is to steal the potential victim’s American Express company card information and other personal or business information.

The Comodo Antispam Labs team identified the American Express phishing email through IP, domain, and URL analysis, and the Labs’ continuous monitoring and scanning of data from the users of Comodo’s internet security systems.

“The Comodo Antispam Lab is an expert resource of engineers and computer science professionals, who use innovative and proprietary Comodo cybersecurity technology to protect and secure the online world,” Fatih Orhan, Director of Technology for Comodo.  “We will continue to work diligently in creating and implementing innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe.”

If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at Comodo Antispam Labs https://enterprise.comodo.com/contact-us.php

Captured from the Comodo Antispam Labs, screen grabs and information on the American Express phishing emails are below.

*datapulledfromAmericanExpressAnnualReport: https://materials.proxyvote.com/Approved/025816/20150313/AR_239749/HTML2/american_express-ar2014_0005.htm

Phishing Email and Screengrabs 

From: American Express <customer-value-services@telvida.com>

Subject: Important Message Notification: Requirement Regarding Your Card

American Express


This phishing email includes an attachment which is an HTML file. Upon opening the HTML file in an Internet browser, it opens a page which is replicated version of American Express’ website with a similar look and feel. The purpose of this attachment is to steal the victim’s American Express business and consumer card information and other personal information.

In the web page it asks for user ID, password, all of card’s information, personal information, e-mail address and e-mail password.

American Express

American Express

Overall Analysis

This is a phishing mail that targets the users of American Express credit cards. The mail tells the victim to download an attachment and enter their account and card information. When the user downloads the attachment and fills the form it sends the victim’s information to the cyber thieves.