Cybercriminals have planted malware on hijacked websites

Oct 29, 2013 13:16 GMT

Cybercriminals are distributing malware through bogus American Express emails with subject lines such as “Fraud Alert: Irregular Card Activity.”

The fake notifications appear to come from [email protected] and they read something like this:

“Dear Customer,

We detected irregular card activity on your American Express Check Card on 28th October, 2013.

As the Primary Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.

To review your account as soon as possible please. Please click on the link below to verify your information with us: https://www.americanexpress.com”

The link doesn’t point to an American Express website, but to a hijacked domain that cybercriminals have set up to serve malware.

Be cautious if you come across such emails in your inbox. Hover the mouse over the link; if it points to a domain other than americanexpress.com, it’s most likely a malicious scheme.

Additional technical details on this campaign are available on Dynamoo’s Blog and CyberCrime & Doing Time.