In prior Privacy Perils, we've repeatedly warned of phishing emails that seek to obtain your confidential information and appear to come from a legitimate financial institution, but which really originate from a bad actor. According to an alert from AppRiver (summarized in an article on the site of internet security group Guru), a new, sophisticated and "well thought out" version of this scam is making the rounds. Under this variation, you receive the typical email referencing supposed suspicious activity on your American Express account, which provides a link for you to enter confidential information to "ensure the safety of your account." What makes this scam particularly dangerous is that the link's URL appears legitimate (it contains "americanexpress.com") and includes the presumably secure "https" designation (hypertext transfer protocol over secure socket layer), and that the bogus site accurately reproduces the look of American Express' site. In fact, after you have entered your confidential information on the illegitimate site, you are then directed to the official American Express homepage.
So what's a poor user to do? First, never access your bank or similar online account through an email link – open your browser and navigate directly to the site. Second, remember that your financial institution will never solicit confidential information by email.
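A link can contain "americanexpress.com" and start with "https" without pointing at American Express, because only the host part of the URL decides where the browser connects. The Python sketch below is an added example, not part of the original article or of AppRiver's alert; the sample links are constructed and use the reserved .example domain, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

TRUSTED = "americanexpress.com"  # the domain named in the article

def naive_check(url, trusted=TRUSTED):
    """What a hurried reader does: 'https' plus the brand name anywhere in the link."""
    lowered = url.lower()
    return lowered.startswith("https://") and trusted in lowered

def host_is_trusted(url, trusted=TRUSTED):
    """True only if the link's host is the trusted domain or a subdomain of it."""
    if "\\" in url or any(c.isspace() for c in url):
        return False  # ambiguous input that parsers read differently: refuse
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes any "user@" prefix, port and path
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    return host == trusted or host.endswith("." + trusted)

# Constructed sample links (not taken from the alert).
SAMPLES = [
    "https://www.americanexpress.com/account",                   # genuine host
    "https://americanexpress.com.account-review.example/login",  # name used as a subdomain label
    "https://americanexpress.com@account-review.example/login",  # name in the user-info part
    "https://account-review.example/americanexpress.com/login",  # name in the path
]

def compare(samples=SAMPLES):
    """Return (url, naive result, host-based result) for each sample."""
    return [(u, naive_check(u), host_is_trusted(u)) for u in samples]

if __name__ == "__main__":
    for url, naive, strict in compare():
        print(f"naive={naive!s:5} host-check={strict!s:5} {url}")
```

All four samples pass the naive check, but only the first passes the host check. The "https" prefix shows only that the connection is encrypted, not who is at the other end.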