Home Depot Breach Results in First Phishing Scam

by PhishingSecurity Research & AnalysisWeb Security

It didn’t take long for scammers to catch a ride on the Home-Depot-data-breach wave. Last week, CYREN caught and blocked emails claiming to be from American Express, containing the “subject header” “American Express – Security concern on Data breach at Home Depot.” 

tl_files/assets_cyren/images/blog/20140810_img1.png

The email takes an insidiously effective approach, reminding customers of the Home Depot breach and advising them to regularly check their online accounts for suspicious activity. Of course, the login link provided takes consumers to a phishing address. And, the “From” email address—AmericanExpress@welcome.aexp.com— (a legitimate American Express email address), is spoofed so the sender is further tricked into assuming that the email is legitimate.

What makes this email particularly dangerous is the content is an almost word-for-word reproduction of a message on the real American Express website relating to the Home Depot breach. 

tl_files/assets_cyren/images/blog/20140810_img2.png

As always, CYREN reminds our readers to watch for clues that an email is fake. In this case, American Express will almost always include the card holder’s first and last name in the email, as well as a few digits of their account number. If this information is missing from the email, then it is very likely that it is fraudulent.

Go back