People never learn from others’ mistakes, or so it would seem from the high number of American Express users who fell victim to the most recent phishing attack.
Targeted phishing attacks are getting more difficult to detect. That’s why we always have to double-check the senders’ addresses, even though they might seem legit. In the American Express scam, hackers sent emails impersonating the company by replicating a potential template and went as far as creating a fake setup process for an “American Express Personal Safe Key” attack.
The emails urged customers to create this account to, ironically, protect their computer from phishing attacks. When the link was accessed, it took them to a fake page that asked for private information such as social security number, date of birth, mother’s maiden name and date of birth, email and all American Express card details, including codes and expiration date.
Following a massive rise in malware attacks, users should never address suspicious emails; but it’s always difficult to tell the real from the fake, especially if you are not tech-savvy or too familiar with the internet. However, should you receive an unexpected email from your bank, credit card company or other institution asking you to click a link, confirm payment or reveal private data, call the company first. It’s better to be suspicious than to deal with fraud or extortion.
If, by any chance, you did click on a bad link, exit the window and disconnect from the internet. If you’ve been infected with malware, this will stop it from spreading to other devices in the network. You might have to reboot your system, so always have a backup of your data on an external device, or everything will be lost if your computer is hacked. Of course, having a security solution up and running will also help you prevent this hassle.