Stealing Credit Card - Phishing
Home ScamsPhishing Scams American Express ‘Blocked Card Access’ Phishing Scam

American Express ‘Blocked Card Access’ Phishing Scam

by Brett M. Christensen


Email purporting to be from American Express claims that access to your card has been blocked until you update your profile information via an HTML form contained in an attached file.

Brief Analysis

The email is not from American Express. It is a phishing scam designed to steal your credit card numbers, your email account password, and a host of other identifying personal information.


Dear [email address removed]; Your Membership Access has been BlockedAmerican Express Card Blocked Phishing Scam

Card Access Blocked Confirmation

News – We’ve Blocked Your Card Access For your security:

Dear Valued Member:

Did you recently verify your User ID as requested by all American express Member? If not, then it’s time to do so. We request all valid member to update their profile information to manage your American Express® Card account online.

We have sent all members our updated HTML Web Page to update to enable us serve your better. If you recently updated on our HTML Web Page, you can disregard this email and card access will be automatically active. This is to help protect your identity online, we want to be sure that all valid members are part of this program.

For your convenience, please follow the Important instruction on HTML Web page update.

An HTML Web Page has been attached to this email, kindly Download and save to your device desktop. Continue by filling your profile information to re-activate your card access.

To recognize your excellent history as an American Express® Card Member, we are pleased to inform you that all newly updated member will be rewarded with extra points on reward program.

We hope this provides you greater flexibility to make purchases on your card as you continue to enjoy the benefits of membership.

Thank you for your Card Membership.


American Express Customer Care

P.S. To learn how to protect yourself on the internet and for information about Identity Theft, Phishing and Internet Security, please visit our Fraud Protection Center.


Detailed Analysis

According to this email, which claims to be from credit card provider American Express, your card has been blocked for security reasons. The email claims that all members have to update their profile information in order to help protect the identities of customers online. The message asks you to open an HTML form contained in an attached file to fill in your profile information and re-activate card access. It includes the Amex logo and other graphics designed to make it appear genuine.

However, the email is not from American Express and the claim that you must update your account information is untrue. Instead, the email is a phishing scam designed to steal a large amount of your personal and financial information.

If you click the attached file as requested, a cardholder ‘account validation’ form will open in your default browser. The form asks you to provide your account login details, your credit card numbers, your social security number, your email address and email password, and many other identifying details. Like the scam email, the bogus form features the American Express logo and other elements designed to make it appear legitimate.

After submitting all of your information via the fake form, you will be informed via a final page that your verification has been completed and the block on your card has been lifted.

But, alas, all of the information you supplied can now be collected by online criminals and used to hijack your American Express and email accounts, commit credit card fraud, and steal your identity.

Keep in mind that legitimate financial institutions will never ask customers to supply sensitive personal information via an unsecure form contained in an email attachment. Phishing scams like this one continue to be very common. Be wary of any message that claims that you must rectify an account problem or update account details by clicking a link or opening an attached file. It is always safest to access your online accounts by entering the address into your browser’s address bar or via an official app.

American Express has information about how to report such fraud attempts on its website.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,