American Express users are being targeted with phishing emails impersonating the company and advising users to create an “American Express Personal Safe Key” to improve the security of their accounts. The email appears to come from AmericanExpress(at)welcome.aexp(dot)com. Users are receiving an email like the image below:
Clicking on the “Create Your PSK” link in the email will bring the user to a fake Amex login page with a URL of amexcloudcervice(dot)com/login/. The victims are asked to input their Social Security number, date of birth, mother’s maiden name, mother’s date of birth, their email address, the Amex card info and identification number, and the card’s expiration date and 3-digit code on the back of the card.
The victims will be taken through the setup process even if they enter incorrect login credentials. After entering all of the information requested, they are redirected to the legitimate Amex website, making them believe they were using it the whole time.