Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Home Depot Breach Results in First Phishing Scam

It didn’t take long for scammers to catch a ride on the Home-Depot-data-breach wave. Last week, CYREN caught and blocked emails claiming to be from American Express, containing the “subject header” “American Express – Security concern on Data breach at Home Depot.”


The email takes an insidiously effective approach, reminding customers of the Home Depot breach and advising them to regularly check their online accounts for suspicious activity. Of course, the login link provided takes consumers to a phishing address. And, the “From” email address—[email protected]— (a legitimate American Express email address), is spoofed so the sender is further tricked into assuming that the email is legitimate.

What makes this email particularly dangerous is the content is an almost word-for-word reproduction of a message on the real American Express website relating to the Home Depot breach.


As always, CYREN reminds our readers to watch for clues that an email is fake. In this case, American Express will almost always include the card holder’s first and last name in the email, as well as a few digits of their account number. If this information is missing from the email, then it is very likely that it is fraudulent.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...