Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share





American Express 'Online Security Service Notification' Phishing Scam

Outline
Email claiming to be from American Express informs recipients that they must click a link to update online banking account information because new security measures are being imposed.

American express - logo vector

© Depositphotos.com/ barcova.natalia



Brief Analysis
The email is not from American Express. It is a phishing scam designed to trick recipients into giving their credit card details and other personal information to cybercriminals.

Bookmark and Share
Example

Subj: America Express Online Security Service Notification

DEAR VALUED CUSTOMER,

Your online banking account has to be updated as we impose measures to ensure your safety while banking online.

PLEASE CLICK BELOW TO CONTINUE
Verify your Access

These features are made to provide the most secure service and protection to you while online as failure to adhere may affect your online banking access in the future.

Thank You
Legal Advisor, America Express.


Detailed Analysis
According to this "security service notification", which claims to be from American Express, users are required to update information in their online bank accounts because new security measures are being imposed. They are warned that "failure to adhere" to the update request may affect future access to the account.

The message greets users generically as "Dear Customer" and claims to be from an unnamed American Express "legal advisor".

In fact, the message is not from American Express. It is a phishing scam designed to fool recipients into divulging their personal and financial information via a fake American Express website. Those who click the link will be taken to a site that hosts the form shown in the following screenshot:



american-express-security-notification-phishing-scam

The bogus form asks for credit card details as well as account login credentials, personal and contact information and even the user's email account password. Once victims have completed the form and clicked the "Submit" button, they will be automatically redirected to the real American Express website.

Meanwhile, the criminals running the phishing attack can use the stolen information to commit credit card fraud and identity theft as well as hijack American Express accounts belonging to their victims. They can also take control of victim email accounts and use them to launch further spam and scam campaigns.

American Express would never send an unsolicited email asking customers to click a link to update account details. And, genuine American Express emails will always greet customers by their names. It will never use generic greetings such as "Dear Customer". The company has published information about phishing scams and how to report them on its website.

Phishing scammers continue to attack Internet users all over the world and many users continue to fall for their tricks. Be cautious of any unsolicited message that claims that you must provide account information by clicking a link or opening an attached file. It is always safest to access all of your online accounts by typing the account address into your browser's address bar rather than by clicking an email link.

Bookmark and Share

Last updated: July 24, 2013
First published: July 24, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Friend Stranded in Foreign Country Scam Emails
American Express Security Center Identity Theft
Phishing Scams - Anti-Phishing Information