Mail’s Content
Date: Thu, 30 Jul 2015 04:07:52
From: “American Express”<Service@americanx.press.com>
Reply To: “American Express”<Service@americanx.press.com>
Subject: Important Information !
Dear Customer
American Express Accounts service is having a problem and in order
to protect our customer(s), we need you to re-authenticate your account.
Please download the document attached to your email and login to proceed.
Thank You.
© 2015 American Express Company. All rights reserved.
The document attached to this email is best viewed on Firefox and Google Chrome.
Attachment
This phising email includes a attachment which is a html file. Upon opening the html file in an internet browser it opens a page which is replicated version of American Express’s website. This page asks the victim’s credit card information and steals them.
Overall Analysis
This is a phishing mail that targets the users of American Express Credit Cards. The mail tells the victim to download an attachment and re-authenticate their account. When the user downloads the attachment and fills the form it sends the victim’s information to the attackers. The information collected from the victim is sent to a php service located at http://komaebible.com/wp/wp-content/languages/themes/rev.php.