During the past week, there have been three email hoaxes sent using American Express as the lure to trick recipients into clicking a link in the email. The latest of those emails was sent on Feb. 4 with the subject line “Important: Personal Security Key.”
The Feb. 4 “Personal Security Key” email included the American Express logo and buttons to View Account, Make a Payment, and Manage Alerts Preferences. In most respects, this email would not have been detectable as a scam by looking at except that it contained no personal information.
You can help by sharing this post. Here’s a tweet ready to go.
[tweetthis display_mode=”button_link”]A great #scamtip about those American Express emails[/tweetthis] — A great #scamtip about those American Express emails
TechHelpList.com investigated the email and reported that the emails had been sent from five IP addresses. The copy I received was from a different address. It’s quite likely this email scam has been sold and will be cropping up indefinitely. TechHelpList.com also reported that once a link in the email has been clicked, your browser will redirect to a phishing site where you will be asked to log in to your American Express account.
When I reported the email scam to American Express, they responded with two additional email hoaxes, one sent on Jan. 29 and the other on Feb. 3. The Jan. 29 email contains the subject “Account requires complete profile update” and showed a sender’s email address of “Onlinealerts@secureserver.com.” The Feb. 3 email contains the subject “Account Alert: Your February 2014 Statement is Ready” and showed a sender’s email address of “AmericanExpress@secureserver.com.”
It is important to note that the address in the “From” field in an email is not necessarily the actual sender’s email address. For instance, in my copy of the Feb. 4 email, the “From” address showed “American Express,” yet the return path was to a domain hosted on GoDaddy that had nothing to do with American Express, i.e., the “From” address was a fake.