Endpoint Security Reading Time: 2 minutes

Comodo has discovered a new phishing scam, this time targeting American Express Credit Card customers. The mail instructs victims to download an attachment and then to re-authenticate their account.

Phishing Attacks

When the user downloads the attachment and fills the form, it sends the victim’s information to the attackers. The attachment is an HTML file, which, when opened in a browser, opens a fake American Express webpage. It is through this fake page that the victim’s credit card information can be stolen.
The information collected from the victim is sent to a php service located at: http://komaebible.com/wp/wp-content/languages/themes/rev.php.

The message reads as follows:

Date: Thu, 30 Jul 2015 04:07:52
From: “American Express”<Service@americanx.press.com>
Reply To: “American Express”<Service@americanx.press.com>
Subject: Important Information !
American Express

Dear Customer
American Express Accounts service is having a problem and in
order to protect our customer(s), we need you to re-authenticate your
Please download the document attached to your email and login
to proceed.
Thank You.
© 2015 American Express Company. All rights reserved.
The document attached to this email is best viewed on Firefox
and Google Chrome.

The fake page:

Fake Page

You should protect yourself by establishing secure methods of connection, namely through the most trusted security brand on the market. Comodo’s award-winning products protect you from all online threats that attack through your website, your PC, and your email.
Secure your email with Comodo KoruMail