Russian cybercriminals hiding behind fake Chinese WHOIS have launched sophisticated phishing attacks.
Targeting owners of major US bank accounts, the attacks involve the registration of domains resembling those of financial institutions; most of these domains are registered with Chinese domain registrars.
Chase Bank is one such example we covered; Wells Fargo is another such incident.
American Express is now targeted in an attempt to steal valuable account credentials, and while the WHOIS info for the domain AXPOGlobalVerify.com is Chinese, the hosting servers are in Russia.
In this case, the portal of American Express has been replicated; the moment an unsuspecting victim enters their information as instructed in the phishing email, their credentials are sent to the cybercriminals operating this scheme.
Cybercriminals created this fake portal of American Express.
The following domain names are being used by the same scammers, registered with the Chinese domain registrar, TodayNIC.
aconnectgateway.com
aexpoglobal.com
americanexpress-srv7.com
americanexpresslife.com
americannewexpress.com
amex-welcome.com
axpobetaglobal.com
betaamericanexpress.com
chase-online-support.com
transtasmanonline-anz.com
transtasmanonlineanz.com
transtasmanonlineanzsrv1.com
transtasmanonlineanzsrv2.com
welcome-chase-online.com
To avoid having your financial account credentials – and your money – stolen, never click on email links, no matter how persuasive they seem to be. Always visit the web site of your bank by typing it directly into the web browser.
