American Express – Phishing

Email Title

American Express Online Form

Email Body

Dear American Express customer,

A newly revised American Express Online Form has been issued by the American Express Customer Care Team. Please complete this form as soon as possible You can access the form at:

American Express Online Form

Thank you for choosing American Express.

Sincerely,
American Express

Links in the Email (Do not visit - Phishing Site)

http://ohipowemir.freehostyou.com/buzyhi.html (further links following this segment)

redirects to

http://www212.americanexpress.com.dll.kz/mydata/form/apisrv.php?session=357512222366960012355294883196460182463538832786548631977563797333777266724

Further Links

  • http://guzDakiwypi.dreamstation.com/zyfenowa.html
  • http://www.212.americanexpress.com.idlls.ru/mydata/forms/apisrv.php?session=3D02828955=600287685613861760474911
  • http://agixeqov.easyfreehosting.com/ilaluloq.html
  • Any http://idlls.ru site

Screenshot

American Express - Phishing - Screenshot

What do I do now?

Forward the email to UKspoof@americanexpress.com and then delete it. Read what American Express says about online fraud here – http://www.americanexpress.com/uk/safeandsecure/faq_fraud.shtml

Website Details

Whois Server for the KZ top level domain name.
This server is maintained by KazNIC Organization, a ccTLD manager for Kazakhstan Republic.
Domain Name…………: dll.kz
Organization Using Domain Name
Name……………….: Oksana Bojko
Organization Name……:
Street Address………: ul.Kolmogorova d.3A kv.109
City……………….: Ekaterinburg
State………………: Sverdlovskaya oblast
Postal Code…………: 620034
Country…………….: RU
Administrative Contact/Agent
NIC Handle………….: DOMAINER
Name……………….: Alexander Kuznetsov
Phone Number………..: +7.9057788628
Fax Number………….: +7.9057788628
Email Address……….: info@gname.net
Nameserver in listed order
Primary server………: ns1.growthiring.com
Primary ip address…..: 188.138.35.149
Secondary server…….: ns1.froxyholl.com
Secondary ip address…: 188.138.35.149
Secondary server…….: ns2.growthiring.com
Secondary ip address…: 88.113.177.94
Secondary server…….: ns2.froxyholl.com
Secondary ip address…: 74.124.63.18
Domain created: 2010-05-12 15:06:08.0
Last modified : 2010-05-13 22:39:17.0
Domain status : ok – Normal state.
Registar created: SKILLTEX
Current Registar: SKILLTEX

May 31, 2010 • Posted in: Phishing

One Response to “American Express – Phishing”

  1. Admin A - June 4, 2010

    Received an email from support1@0catch.com saying that http://ohipowemir.freehostyou.com/buzyhi.html has now been suspended.
