Email purporting to be from American Express claims that access to your card has been blocked until you update your profile information via an HTML form contained in an attached file.
The email is not from American Express. It is a phishing scam designed to steal your credit card numbers, your email account password, and a host of other identifying personal information.
Dear [email address removed]; Your Membership Access has been Blocked
Card Access Blocked Confirmation
News – We’ve Blocked Your Card Access For your security:
Dear Valued Member:
Did you recently verify your User ID as requested by all American express Member? If not, then it’s time to do so. We request all valid member to update their profile information to manage your American Express® Card account online.
We have sent all members our updated HTML Web Page to update to enable us serve your better. If you recently updated on our HTML Web Page, you can disregard this email and card access will be automatically active. This is to help protect your identity online, we want to be sure that all valid members are part of this program.
For your convenience, please follow the Important instruction on HTML Web page update.
An HTML Web Page has been attached to this email, kindly Download and save to your device desktop. Continue by filling your profile information to re-activate your card access.
To recognize your excellent history as an American Express® Card Member, we are pleased to inform you that all newly updated member will be rewarded with extra points on reward program.
We hope this provides you greater flexibility to make purchases on your card as you continue to enjoy the benefits of membership.
Thank you for your Card Membership.
American Express Customer Care
P.S. To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center.
According to this email, which claims to be from credit card provider American Express, your card has been blocked for security reasons. The email claims that all members have to update their profile information in order to help protect the identities of customers online. The message asks you to open an HTML form contained in an attached file to fill in your profile information and re-activate card access. It includes the Amex logo and other graphics designed to make it appear genuine.
However, the email is not from American Express and the claim that you must update your account information is untrue. Instead, the email is a phishing scam designed to steal a large amount of your personal and financial information.
If you click the attached file as requested, a cardholder ‘account validation’ form will open in your default browser. The form asks you to provide your account login details, your credit card numbers, your social security number, your email address and email password, and many other identifying details. Like the scam email, the bogus form features the American Express logo and other elements designed to make it appear legitimate.
After submitting all of your information via the fake form, you will be informed via a final page that your verification has been completed and the block on your card has been lifted.
But, alas, all of the information you supplied can now be collected by online criminals and used to hijack your American Express and email accounts, commit credit card fraud, and steal your identity.
Keep in mind that legitimate financial institutions will never ask customers to supply sensitive personal information via an unsecure form contained in an email attachment. Phishing scams like this one continue to be very common. Be wary of any message that claims that you must rectify an account problem or update account details by clicking a link or opening an attached file. It is always safest to access your online accounts by entering the address into your browser’s address bar or via an official app.
American Express has information about how to report such fraud attempts on its website.
Last updated: July 4, 2016
First published: July 4, 2016
By Brett M. Christensen