AppRiver has uncovered a phishing scam, purporting to be from American Express, currently circulating trying to do just this. At the time of writing, this campaign continues to circulate. The key to a convincing looking phishing website is to try and make it look and feel as much like the mimicked site. It even contains a notice at the bottom about reporting suspicious emails to americanexpress.com/phishing.com. The username and password are sent plain text in the actual uri GET request and set as cookies in the http header.”]

