Example of a “well-done” phishing attack

So I got the following email in my inbox this morning, which made it happily past our gateway-based spam filter and my Outlook spam filter.


The link is a phishing site (even though it is https:// ;-) – however, no phishing filters have it in their list (e.g. Google, Firefox, Microsoft, Netcraft…). Clicking on it gets me here


Going through the process, they surely collect a hell of a lot of personal information. They also “check” each input value to be correct (e.g. you can’t continue by entering a non-valid credit card number). Looks really nice and clean.




And very nicely, they will try to log me into Amex straight away, so if I had given them my “real” credentials, I would have been logged into my account…

