American Express Phishing Alert

This spring and summer, a phishing scam has appeared in a number of forms aimed at American Express customers. If you are an American Express customer, please take today’s post into consideration and be especially careful of your personal information.
Back to Blog
Written by Staff Writer • Posted on Aug 25, 2014

This spring and summer, a phishing scam has appeared in a number of forms aimed at American Express customers. If you are an American Express customer, please take today’s post into consideration and be especially careful of your personal information.

If you are an American Express customer and you receive an email asking you to “create your Personal Security Key”, be extremely wary. The text these scammers are using sounds authentic but is not. As an AmEx customer, you can only set up or change your Personal Security Key by calling American Express over the phone. They will never ask you to change your information via email.

These scammers have created fake websites that look nearly identical to the official American Express site. Unfortunately, victims of the scam are often convinced by the looks of these fake websites and will continue to log in and enter their information. However, before entering any information, you should look very carefully at the website and, in particular, at the URL in the address bar.

If you visit AmericanExpress.com, the official URL at the top of your browser window will read https://www.americanexpress.com/. Fake sites run by scammers will redirect you to another address. So even if the wording and graphics on the website look almost exactly like the American Express home page, the address is different. It will probably show an address completely unrelated to American Express, as scammers don’t have access to and are not officially part of that company.

One nifty trick is to move your cursor over a suspicious link in an email and let it “hover” there. DON’T CLICK. When you let your cursor hover over a web link, the address the link actually goes to will appear and you’ll see that it’s not actually linking you to American Express. Delete the email.

Another thing to look for is in the email itself. Oftentimes there are grammatical and spelling errors in the body of a spam email. If you look closely at the address sending you an email message, spam emails often come from odd names even though they claim to come from a legitimate company. For example, just this weekend I received a spam email from the address altieri@webgraff.com.br claiming to be from a friend. However, the email was blank except for a fishy-looking link. So I marked the email as spam and deleted it. If you examine the sender's email address—altieri@webgraff.com.br—it doesn’t have a recognizable name or company, and the ".com.br” hints that it was probably sent from a scammer in another country.

You can never be too careful with your personal information online! Always employ caution and care when dealing with unfamiliar people and businesses over the Internet. Questions? Please don’t hesitate to ask! Leave them in the comments below.