A spam email purportedly coming from American Express asks whether the recipients recently tried to verify their user IDs or change their account password.
The message is designed to trick recipients into clicking a link in the mistaken belief that someone has tried to access their American Express account.
Those who click the link will be taken to a webpage that advises them to wait while the page is loading. However, an American Express login page does not appear as the user would expect. Instead, the page redirects to another site that harbours the Blackhole exploit kit.
"Criminals intent on distributing Blackhole have used a number of similar email campaigns in recent months including fake Verizon Wireless bills, bogus Amazon.com order notifications and flight ticket confirmations falsely claiming to be from various airline companies," the Hoax-Slayer report reads.