Phishing

A very clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate.

If you have credit cards and commonly use them, you may have received emails in the past asking you to confirm if a particular credit card transaction is valid.

These emails will display the name of the vendor, the date of the transaction, and the amount of the transaction. It then asks you to confirm if the attempted charge is legitimate or not.

In a new phishing campaign discovered by MalwareHunterTeam and shared with BleepingComputer, scammers are sending fake Chase and Amex fraud protection emails asking if charges from Best Buy, TOP UP B.V., and SQC*CASH APP are valid.

Examples of two of these phishing emails can be seen below.

Fake American Express Fraud Verification
Fake Chase Fraud Verification

As the listed charges are fake, someone who receives this email may assume that someone has stolen their card and click on the NO button to dispute the transactions.

When doing so, the victim will be brought to a fake Chase or Amex login site where they will be sent through a long and arduous "verification" process that has them enter their login name and password, address, birth date, social security number, bank card info, and credit card info.

Chase Phishing Landing Page

When you submit this information on the page, it will all be transmitted to the scammer's server where they can collect it later and use it for identity theft, sell it on the dark web, or use it for other malicious activity.

While there is some suspicious formatting in the phishing emails, for the most part, they do a very convincing job. Due to this, a person may click on the email's links as they are scared someone is fraudulently using their card.

Comparing real and fake fraud protection emails

As phishing scams become more sophisticated and convincing, it becomes a bit harder to detect whether an email is legitimate.

The best way to detect if an email is legitimate is to read it carefully and note if there are grammatical or spelling mistakes, misaligned buttons, strange bolded text, strange URLs, or awkward English. 

After reviewing the email, if there is even the slightest suspicion, do not click on anything and simply call the merchant directly from the number on the back of your credit card.

In this particular phishing campaign, we can compare the fake fraud protection emails to legitimate ones below.

As you can see, the fake Chase fraud protection email has misaligned buttons, unusual changes in font sizes, and strange bolding of text compared to the legitimate Chase fraud protection email on the right.

Fake Chase Fraud Verification
Real Chase Fraud Verification

Similarly, if we take a look at the fake American Express fraud protection email and compare it to a legitimate one, you can see the same differences. Even the legitimate Amex email may be suspicious as it has a misaligned lock in the upper right-hand corner and the alert symbol next to 'Fraud Protection' looks strange.

Fake Amex Fraud Verification
Real Amex Fraud Verification

What's even worse, both the Chase and Amex phishing emails have good use of the English language and appear to have been written by native speakers rather than translated through a service like Google Translate.

For this reason, there is a good chance that in the heat of the moment, a person may not notice the suspicious formatting and just click on the link to dispute the charges.

Due to this, even if you receive an email and it looks legitimate, always be sure to check the URL of the page the email links to.

If it does not look like a legitimate URL for the company, then do not visit it and junk the email.
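The URL check described above can be automated for a mail filter or a triage script. The following is an added example, not code from the article or from either bank: the expected-domain list, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each brand is expected to link to; adjust for your own mail flow.
EXPECTED = {"chase": {"chase.com"}, "amex": {"americanexpress.com"}}
# Constructed sample body; the look-alike host uses the reserved .example TLD.
SAMPLE = """<p>Did you attempt this charge at Best Buy?</p>
<a href="https://www.chase.com/alerts">View account</a>
<a href="https://chase.com.account-verify.example/login">NO</a>
<a href="http://www.chase.com/help">Help</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_problem(href, allowed):
    """Return why a link is suspicious, or None if it is HTTPS to an allowed host."""
    url = urlsplit(href)
    if url.scheme != "https":
        return "not https"
    if "@" in url.netloc:
        return "userinfo in URL hides real host"
    host = (url.hostname or "").lower().rstrip(".")
    # Exact match or true subdomain only: "chase.com.evil.example" must not pass.
    if not any(host == d or host.endswith("." + d) for d in allowed):
        return "host outside expected domains"
    return None

def suspicious_links(html_body, brand):
    """Return (href, text, reason) for every link that fails the check."""
    parser = LinkCollector()
    parser.feed(html_body)
    checked = ((h, t, link_problem(h, EXPECTED[brand])) for h, t in parser.links)
    return [c for c in checked if c[2]]

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE, "chase"):
        print(f"{reason}: [{text}] -> {href}")
```

The check compares the host the link actually resolves to, not the text shown in the email, which is why a host that merely begins with the brand's domain is still flagged.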
