During the past week, there have been three email hoaxes sent using American Express as the lure to trick recipients into clicking a link in the email. The latest of those emails was sent on Feb. 4 with the subject line “Important: Personal Security Key.”
The Feb. 4 “Personal Security Key” email included the American Express logo and buttons to View Account, Make a Payment, and Manage Alerts Preferences. In most respects, this email would not have been detectable as a scam by looking at except that it contained no personal information.
You can help by sharing this post. Here’s a tweet ready to go.
[tweetthis display_mode=”button_link”]A great #scamtip about those American Express emails[/tweetthis] — A great #scamtip about those American Express emails
TechHelpList.com investigated the email and reported that the emails had been sent from five IP addresses. The copy I received was from a different address. It’s quite likely this email scam has been sold and will be cropping up indefinitely. TechHelpList.com also reported that once a link in the email has been clicked, your browser will redirect to a phishing site where you will be asked to log in to your American Express account.
When I reported the email scam to American Express, they responded with two additional email hoaxes, one sent on Jan. 29 and the other on Feb. 3. The Jan. 29 email contains the subject “Account requires complete profile update” and showed a sender’s email address of “Onlinealerts@secureserver.com.” The Feb. 3 email contains the subject “Account Alert: Your February 2014 Statement is Ready” and showed a sender’s email address of “AmericanExpress@secureserver.com.”
It is important to note that the address in the “From” field in an email is not necessarily the actual sender’s email address. For instance, in my copy of the Feb. 4 email, the “From” address showed “American Express,” yet the return path was to a domain hosted on GoDaddy that had nothing to do with American Express, i.e., the “From” address was a fake.
Hi,
I received an e-mail scam yesterday:
From: American Express (itinamcdonald@robertsbrothers.com)
To: clients@mailsgro.com
I forwarded it to spoof@americanexpress.com and of course I did not click on any links. The e-mail said:
Dear American Express Customer
Your account will be limited over 24 hours if you failed to confirm your account information.
Recently, there’s been activity in your account that seems unusual compared to account activities.
Possible existence someone is using your AmericanExpress account without your knowledge.
Click the link below to confirm your account information
http://www.americanexpress.,com/signin/confirm/id=j83kiu37gfguu478
I noticed the grammar seems a bit off. Also, I do not even have an account with AMEX – Haha! I wish these clowns would get caught. I also see phishing or scams via e-mail to me from Chase, Paypal, Wells Fargo, and US Bank. There is a lot of this going on and I hope nobody clicks the links and types in the information being requested. Be Careful!
Thanks! Steve
Thanks for the comment, Steve. You are correct, it’s a flat out scam.
Hey there I keep getting scam emails like American Express Amex to tell me that I have an amount of $7650.32 ready to be deposited into my account. I do not have an American Express Card and they also very kindly left me their emails as well. trans.funds@letzzgo.com besides the other email address which is Transfer@Amex.com I hate scammers and have also been caught in the past
Thank you for the input and also for making us aware of the rotten people out there. Also thanks for giving us
aa platform to share our views and warn other people. If I think it is a scam I google first and see what comes up.
Kindest regards,
MariAnn
Have received this e-mail once a day for the last several days. We don’t even have an AmEx account ….
Dear American Express customer,
We have recently detected that a different computer user has attempted gaining access to your online account and multiple passwords were attempted with your user ID.
Hence it is necessary to re-confirm your account information and complete a profile update.
You can do this by downloading the attached file and updating the neccessary fields.
Note: If this process is not completed within 24-48 hours we will be forced to
suspend your account online access as it may have been used for fraudulent
purposes.
Completion of this update will avoid any possible problems with your account.
Thank you for being a valued customer.
(C) American Express Customer Service 2015.
Thanks for the comment. I’m glad you haven’t fallen for the trap. By the way, there’s a new one out now from “Chase Card Services.” I’ll be covering it on Sunday because it’s the best spam I’ve ever seen.
I got an email from here: Alert, ITRisk letmebe@yourking.com via wpengine.com asking Transaction Confirmation-American Express Card to open a link confarn.html ??????
I got one today…I don’t even have an Amex account, so obviously I didn’t click anything. I’m thinking this has something to do with the BCBS hack. I checked my credit and so far so good i believe…
Dear Customer:
We are writing to you because we need to speak with you regarding a security concern on your American Express. Our records indicate that you recently used your American Express card on February 10, 2015.
For your security, new charges on the accounts listed above may be declined. If applicable, you should advise any Additional Card Member(s) on your account that their new charges may also be declined.
To secure your account , please click log.
Your prompt response regarding this matter is appreciated.
Sincerely,
American Express
Contact Us
Privacy Statement
Add us to your address book
To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing. We kindly ask you not to reply to this e-mail but instead contact us via customer service.
© 2014 American Express. All rights reserved.
Thanks for sharing the email, Rachel. I’m glad you caught that it was an obvious fraud. I hope you’ll come back for more scam tips in the future.
I had exactly the same email. Thank you for sharing yours, Rachel.
I unfortunately opened one of these up regarding an AMEX profile reset (talked about in prior posts). It looked so real. I opened the link and began typing information. However, I soon realized something wasn’t right. My question is this. I typed some important information but never clicked send. Is that information still recorded (stolen) even though I didn’t click send? I still kick myself over this often (it happened in August 2014). So far so good but I had to do a fraud alert.
You’re probably going to be okay, especially since nothing has happened so far. However, putting a fraud alert on your credit accounts was a good decision and should keep you protected just in case.
I received an email today from americanexpress@customercare.com. That got me wondering wait a minute, wouldn’t the email address have @americanexpress. Here is the email:
Dear CardMember,
You are receiving this notification because you have selected to receive email notice of all American Express change notices.
American Express recently posted a new service update.
You are required to authenticate your account by downloading the attached file and update your American Express Account.
Once you complete the update, you will be propagated into the new server to enjoy all benefits.
Sincerely,
The American Express Team.
I looked further and saw that wait, they didn’t put my name in the email. And there is not much American Express information in the email either. Thankfully my spam saw this and I realized yes it is. But yes at first I was wondering what this is about.
I got the same message that Rebecca received but it was supposedly from Bank of America instead of American Express.
They wouldn’t know real from fake, but you might be setting yourself up to download malware when you click the submit button. Unless it’s strictly a phishing site, in which case there might be no harm done. The technology changes almost daily in this arena, so what might be a safe practice one day could mean disaster the next. In my opinion, it’s best just to not try to play the game or outsmart them. You’re already outsmarting them by not falling for the trick.
I’ve always wondered…what if one entered false logins and passwords at such sites?
Hi Kate. I assume you’re referring to the quick look feature on a Mac? I think Windows has something similar now, too. If so, you’re probably fine, but I’m not 100% certain. If the site you opened was a phishing site, you wouldn’t have any problems. Even if it was trying to download malware, there would most likely have been a message asking you if you wanted to approve the action. The bottom line is that you should be okay. If you have a virus/malware checker, you might want to run a full scan. And, if you’re on a Mac, consider installing ClamXAV and running a full check. That’s a free program I use all the time and it works very well.
very helpful. i got the same email asking me to update…. i noticed the poor english right away, but it still sounded a bit official because of the return address. I didn’t open anything, but i DID click on the “quick look” ….is that the same as clicking on one of the links? Yikes!
I got one today from americanexpress@customercare.com (but I don’t have an account with american express and it was sent to an email I wouldn’t use for any banking). It reads:
Dear Customer,
Account requires complete profile update,
We
have recently detected that different computer user had attempted
gaining access to your Online account, and multiple password was
attempted with your user ID.
It is now necessary to re-confirm your account information to us. If this process is not completed within 24-48 hours.
We will be forced to suspend your Account Online Access as it may have been used for fraudulent purposes.
Please update profile immediately by downloading the attached file.
American Express is dedicated to protecting your information.
Thank you for being a valued customer.
Kind Regards,
SafeGuards Team.
© 2014 American Express Company. All rights reserved.
Is this scam as well?
Hi Rebecca, this is a scam.There are several warning signs: the email sent to an incorrect account, the poor English, the immediate deadline, and the attached file. Delete that email and don’t click on any links or the file when you do it. Thanks for contacting me about this. Terry
Thank you for helping us identifying scams & cons.
I just received an email yesterday as follows: From:American Express (Americanexpress@secureserver.com) Your junk email filter is set to exclusive. Note: This is a service message regarding the American Express Security System.
Dear Customer:
Account requires complete profile update,
We have recently detected that different computer user had attempted gaining access to your Online account, and multiple password was attempted with your user ID.
It is now necessary to re-confirm your account information to us. If this process is not completed within 24-48 hours.
We will be forced to suspend your Account Online Access as it may have been used for fraudulent purposes.
Please update profile immediately by downloading the attached file.
American Express is dedicated to protecting your information.
Thank you for being a valued customer.
Sincerely,
SafeGuards Team.
(C) 2014 American Express Company. All rights reserved.
All users of our online services subject to Privacy Statement and agree to be bound by Terms of Service. Please review.
Indeed, Gigi, that is one of them.
I got one today announcing:
”
In the coming months, most American Express emails will be sent from a new email address. To continue to receive important messages regarding your Card account, please take the following actions:
• Add the new email address, AmericanExpress@member.americanexpress.com, to your address book or safe sender list.
• Note that you may continue to receive valid emails from the current address, AmericanExpress@email.americanexpress.com, during this time of transition.
• Emails from the new email address will continue to include your first and last name and the last five digits of your Card account to help assure you that the communications are valid and sent by American Express.
Thank you for your Card Membership.”