Debunking email hoaxes and exposing Internet scams since 2003!


American Express 'Unusual Activity' Phishing Scam

Email purporting to be from credit card provider American Express claims that irregular and unusual activity has been detected on the recipient's account and he or she must click a link to verify account details or the account will be restricted.


Brief Analysis
The email is not from American Express. The message is a scam designed to trick AmEx customers into giving a large amount of personal and financial data to Internet criminals.


Subject: We noticed unusual activity in your American Express account   

Dear Valued Customer,
We detected irregular activity on your American Express.

Check Card on 8th October 2013.

As the Primary Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.

To review your account as soon as possible please.

Please click on the link below to verify your information with us:
[Link Removed]

If you account information is not updated within 48 hours then your ability to access your account will be restricted.

 We appreciate your prompt attention to this important matter.

 ©2013 American Express Company. All rights reserved.

Detailed Analysis
According to this email, which purports to be from credit card provider American Express, irregular and unusual activity has been detected on the recipient's American Express account. The email warns that, unless the recipient clicks a link to update information within 48 hours, restrictions will be placed on the account.

However, the email is not from American Express. Instead, it is a quite typical phishing scam designed to extract personal and financial information from American Express customers.

The initial email is quite a crude attempt. Paradoxically, however, the bogus web pages used in the scam are fairly sophisticated.

Those panicked into clicking the link in the scam email will first be taken to a bogus page designed to look like a genuine AmEx webpage and asked to log in with their user ID and password.

After "logging in" on the bogus site, the following "security message" will be displayed:
Your security is very important to us.

Because of high numbers of identity theft attempts we need to apply additional security to your account in order to keep our Cardmember safe.

Every couples of month we will screen this alert to your account and we will ask you to update your Personal information.

This way we reduce the risk of identity theft and all your personal informations will be kept safe.

This is not an optional step, if you do not complete the next form we will be forced to Lock your account.

Please press Continue and complete the form on the next page as soon as possible.

After pressing "Continue", they will be presented with a form that asks for credit card data as well as a large amount of personal information.

Next, another form will appear that asks them to input both their email address and email account password, supposedly as a means of proving their identity.

Finally, they will be automatically redirected to the genuine American Express website.

Meanwhile, the scammers can harvest all of the information submitted via the bogus forms. Using this stolen information, the scammers can hijack American Express and email accounts belonging to their victims and lock out the rightful owners. They may also use the harvested information to steal the identities of victims.

American Express customers are regularly targeted in such phishing campaigns. Phishing continues to be a very common type of criminal activity. Be wary of any unsolicited message that claims that you must click a link or open an attached file to rectify a supposed issue with your online account.
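The warning signs in the message quoted above can be checked mechanically. The following Python code is an added example, not part of the original article: it flags the lure wording from the quoted email and any link whose host is not the brand's own domain. The sender address and link URL in the sample are constructed placeholders, since the original link was removed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: the only domain the claimed sender legitimately links to.
BRAND_DOMAINS = {"americanexpress.com"}
# Lure wording taken from the scam message quoted in this article.
LURE_PATTERNS = {
    "generic greeting": r"dear valued customer",
    "account threat": r"\b(restricted|restrictions|lock your account)\b",
    "deadline": r"within \d+ (hours|days)",
    "verify-by-link request": r"click on the link below to verify",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_is_trusted(url, trusted=BRAND_DOMAINS):
    """True only if the URL host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(raw_message):
    """Return the phishing indicators found in a raw single-part text email."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    findings = [name for name, pat in LURE_PATTERNS.items() if re.search(pat, text)]
    for url in URL_RE.findall(body):
        if not host_is_trusted(url):
            findings.append(f"link leaves brand domain: {urlsplit(url).hostname}")
    return findings

# Constructed sample: wording from the quoted scam email; the sender address
# and URL are placeholders because the original link was removed.
SAMPLE = """\
From: "American Express" <alerts@mail.example>
Subject: We noticed unusual activity in your American Express account

Dear Valued Customer,
We detected irregular activity on your American Express.
Please click on the link below to verify your information with us:
http://americanexpress.com.account-check.example/verify

If you account information is not updated within 48 hours then your
ability to access your account will be restricted.
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The host check compares the end of the hostname, so a link that merely begins with the brand's name is still reported as leaving the brand's domain.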

You can report American Express phishing scams via the submission details on the company's website.

It is always safest to log in to all of your online accounts by entering the account address into your browser's address bar rather than by clicking a link in an email.


Last updated: October 10, 2013
First published: October 10, 2013
By Brett M. Christensen