NSS Labs has spotted a phishing campaign targeting American Express customers. The phishing emails ask users if they have recently reset their password, or verified their user ID for their American Express Card account online.
“Did you recently verify your User ID or reset the password that you use to manage your American Express Card account online?” reads the malicious notification.
Unlike the normal phishing mails, the link in the mail leads to website that hosts a variant of the Blackhole exploit kit.
BlackHole Exploit kit exploits the known vulnerabilities in Java , Adobe reader and others. After successfully exploiting the vulnerability, The site installs Trojan downloader in the victim system.
Once the Trojan download has been installed, anything from fake security products to keystroke loggers to eavesdropping software can follow.
“Did you recently verify your User ID or reset the password that you use to manage your American Express Card account online?” reads the malicious notification.
Unlike the normal phishing mails, the link in the mail leads to website that hosts a variant of the Blackhole exploit kit.
BlackHole Exploit kit exploits the known vulnerabilities in Java , Adobe reader and others. After successfully exploiting the vulnerability, The site installs Trojan downloader in the victim system.
Once the Trojan download has been installed, anything from fake security products to keystroke loggers to eavesdropping software can follow.
