Tuesday, July 3, 2018

Important Notice!!! ( American Express Phishing )


This is an automated email, please do not reply

Important Update

We noticed there's a problem associated with your account due to breakdwon in security.
For protection, Require you to update it immediately so as to have your account restored.
Kindly use the link below to sign in and restore your account.
Click Here To Update

Regards,
American Express Company

© All users of our online services subject to Privacy Statement and agree to be bound by Terms of Service. Please review. © 2018 American Express Company. All rights reserved.

Email analysis :

NOTE : safeguards@mt.com
NOTE : client-ip=68.99.120.44;⁩


Phishing analysis :

CLICK : Click Here To Update
OPEN : http://www.getsmartcenter.com/wp-admin/bless.htm


RESULT : Phishing was removed

Thursday, June 30, 2016

Account Alert: Personal Safe Key (PSK)

American Express Personal Safe Key (PSK)

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance. American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. to create your PSK (Personal Safe Key).
Note: You will be redirected to a secure encrypted website. The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Sincerely, American Express Customer Service.

Create your PSK

Kind regards,
Dave Barry

American Express. All rights reserved.

Screenshot of the email :


Email analysis :

NOTE : AmericanExpress@welcome.aexp.com
NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from adsl-97.79.107.137.tellas.gr (79.107.137.97)


NOTE : Account Alert: Personal Safe Key (PSK)

Phishing analysis :

CLICK : Create your PSK
OPEN : http://verifybyamericanexpress.com/create
NOTE : Website is unresponsive...
NOTE : Domain name analysis...

verifybyamericanexpress.com analysis :

Domain name: verifybyamericanexpress.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2016-06-27T16:00:00Z
Creation Date: 2016-06-28T14:44:31Z
Registrar Registration Expiration Date: 2017-06-27T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Registrant Name: Mong Lwan
Registrant Organization: n\\a
Registrant Street: 33 Xiamen road
Registrant City: Xiamen
Registrant Province/state: FJ
Registrant Postal Code: 350318
Registrant Country: CN
Registrant Phone: +86.7543376322
Registrant Fax: +86.7543376322
Registrant Email: cs@now.cn
Admin Name: Mong Lwan
Admin Organization: n\\a
Admin Street: 33 Xiamen road
Admin City: Xiamen
Admin Province/state: FJ
Admin Postal Code: 350318
Admin Country: CN
Admin Phone: +86.7543376322
Admin Fax: +86.7543376322
Admin Email: cs@now.cn
Tech Name: Mong Lwan
Tech Organization: n\\a
Tech Street: 33 Xiamen road
Tech City: Xiamen
Tech Province/state: FJ
Tech Postal Code: 350318
Tech Country: CN
Tech Phone: +86.7543376322
Tech Fax: +86.7543376322
Tech Email: cs@now.cn
Name Server: a.dnspod.com
Name Server: b.dnspod.com
DNSSEC: unsigned
Billing Name: Mong Lwan
Billing Organization: n\\a
Billing Street: 33 Xiamen road
Billing City: Xiamen
Billing Province/state: FJ
Billing Postal Code: 350318
Billing Country: CN
Billing Phone: +86.7543376322
Billing Fax: +86.7543376322
Billing Email: cs@now.cn

Friday, June 17, 2016

Account Alert: Personal Safe Key (PSK) (American Express Phishing)

American Express Personal Safe Key (PSK)

Please create your Personal Security Key. Personal Safe Key (PSK) is one of several authentication measures we utilize to ensure we are conducting business with you, and only you, when you contact us for assistance.

American Express uses 128-bit Secure Sockets Layer (SSL) technology. This means that when you are on our secured website the data transferred between American Express and you is encrypted and cannot be viewed by any other party. to create your PSK (Personal Safe Key).
The contained message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Sincerely, American Express Customer Service.

Create your PSK

Kind regards,
Dave Barry

American Express. All rights reserved.

Email screenshot :


Email analysis :

NOTE : User-Agent : Mozilla/5.0 (Windows NT 6.1; rv:24.0)
NOTE : Gecko/20100101 Thunderbird/24.2.0
NOTE : Return-Path : < americanexpress@welcome.aexp.com >
NOTE : Mime-Version : 1.0
NOTE : Content-Transfer-Encoding : 7bit
NOTE : Content-Type : text/html; charset=ISO-8859-1
NOTE : Received : from localhost (HELO queue) (127.0.0.1)
NOTE : Received : from unknown (HELO AGSKISAJ) (175.157.252.110)


NOTE : Account Alert: Personal Safe Key (PSK)

Phishing analysis :

CLICK : Create your PSK
OPEN : http://amexpersonalsafetykey.com/create
SCREENSHOT :


CLICK : Log In
REDIRECT : http://amexpersonalsafetykey.com/create/step2.html
SCREENSHOT :


CLICK : Continue
REDIRECT : http://amexpersonalsafetykey.com/create/step3.html
SCREENSHOT :


CLICK : Continue
REDIRECT : http://*.*.id.opendns.com/s/phish.opendns.com/index.php?X-OpenDNS-Session=*_*_*_url=amexpersonalsafetykey.com%2Fcreate%2Fstep3.html&server=ams16&prefs=&tagging=&nref

Whois amexpersonalsafetykey.com :

Domain name: amexpersonalsafetykey.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2016-06-16T16:00:00Z
Creation Date: 2016-06-16T17:27:11Z
Registrar Registration Expiration Date: 2017-06-16T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Registrant Name: Ping Lun
Registrant Organization: na
Registrant Street: 5\\A Xiamen road park
Registrant City: Xiamen
Registrant Province/state: FJ
Registrant Postal Code: 350344
Registrant Country: CN
Registrant Phone: +86.7543376325
Registrant Phone EXT:
Registrant Fax: +86.7543376325
Registrant Fax EXT:
Registrant Email: cs@now.cn
Registry Admin ID:
Admin Name: Ping Lun
Admin Organization: na
Admin Street: 5\\A Xiamen road park
Admin City: Xiamen
Admin Province/state: FJ
Admin Postal Code: 350344
Admin Country: CN
Admin Phone: +86.7543376325
Admin Phone EXT:
Admin Fax: +86.7543376325
Admin Fax EXT:
Admin Email: cs@now.cn
Registry Tech ID:
Tech Name: Ping Lun
Tech Organization: na
Tech Street: 5\\A Xiamen road park
Tech City: Xiamen
Tech Province/state: FJ
Tech Postal Code: 350344
Tech Country: CN
Tech Phone: +86.7543376325
Tech Phone EXT:
Tech Fax: +86.7543376325
Tech Fax EXT:
Tech Email: cs@now.cn
Name Server: a.dnspod.com
Name Server: b.dnspod.com
Billing Name: Ping Lun
Billing Organization: na
Billing Street: 5\\A Xiamen road park
Billing City: Xiamen
Billing Province/state: FJ
Billing Postal Code: 350344
Billing Country: CN
Billing Phone: +86.7543376325
Billing Phone EXT:
Billing Fax: +86.7543376325
Billing Fax EXT:
Billing Email: cs@now.cn

Wednesday, March 9, 2016

Αχ99608254 (American Express Phishing)

American Express

Hello *@*.com,

Your account may become inactive. Please Continue and review your data.

Continue

Thank You!

Safeguarding You. There are no guidelines about levels of compensation in this area. Often, the parties can reach agreement about the amount of compensation which is appropriate. If they cannot agree, the court will have to decide. If an individual claims a certain amount in compensation, they will need to be able to show how your failure to comply with the Act has resulted in their incurring that amount of loss or damage.

Website Rules and Regulations Trademarks Privacy
Copyright © 2016 American Express Company

Phishing analysis :

CLICK : Continue

OPEN : http://mazurtransportes.com.br/men.php?***

REDIRECT : http://www.amex.com-signinpage.id2432534641f6a850a564167e47e1fdd0fdacef8342d42f0ad67777522257.culichi-town.com/theonlineamexe8479346463427wanp847823/

SCREENSHOT :


VALIDATE : FORM

REDIRECT : http://www.amex.com-signinpage.id2432534641f6a850a564167e47e1fdd0fdacef8342d42f0ad67777522257.culichi-town.com/theonlineamexe8479346463427wanp847823/acountds98038022-902902.php

SCREENSHOT :


VALIDATE : FORM

REDIRECT : http://www.amex.com-signinpage.id2432534641f6a850a564167e47e1fdd0fdacef8342d42f0ad67777522257.culichi-town.com/theonlineamexe8479346463427wanp847823/finisi.php


REDIRECT : https://www.americanexpress.com/us/content/sitemap.html

Email analysis :

NOTE : interview@openid.amex.net
NOTE : interview@open.amex.net
NOTE : Received : from myremote1 (40.77.111.141)


NOTE : by CV2K59CE.cablevision.mx (172.21.30.161)
NOTE : Received : from unknown (HELO corp.cablevision.net.mx)
NOTE : ([172.21.30.160]) by delivery-a-04.corp.cablevision.net.mx