Home ScamsPhishing Scams American Express ‘Online Security Service Notification’ Phishing Scam

American Express ‘Online Security Service Notification’ Phishing Scam

by Brett M. Christensen

Outline

Email claiming to be from American Express informs recipients that they must click a link to update online banking account information because new security measures are being imposed.

Brief Analysis

The email is not from American Express. It is a phishing scam designed to trick recipients into giving their credit card details and other personal information to cybercriminals.

Example

Subj: America Express Online Security Service Notification

DEAR VALUED CUSTOMER,

Your online banking account has to be updated as we impose measures to ensure your safety while banking online.

PLEASE CLICK BELOW TO CONTINUE
Verify your Access

These features are made to provide the most secure service and protection to you while online as failure to adhere may affect your online banking access in the future.

Thank You
Legal Advisor, America Express.

 

Detailed Analysis

According to this “security service notification”, which claims to be from American Express, users are required to update information in their online bank accounts because new security measures are being imposed. They are warned that “failure to adhere” to the update request may affect future access to the account.

The message greets users generically as “Dear Customer” and claims to be from an unnamed American Express “legal advisor”.
In fact, the message is not from American Express. It is a phishing scam designed to fool recipients into divulging their personal and financial information via a fake American Express website. Those who click the link will be taken to a site that hosts the form shown in the following screenshot:

American Express Scam Email

The bogus form asks for credit card details as well as account login credentials, personal and contact information and even the user’s email account password. Once victims have completed the form and clicked the “Submit” button, they will be automatically redirected to the real American Express website.

Meanwhile, the criminals running the phishing attack can use the stolen information to commit credit card fraud and identity theft as well as hijack American Express accounts belonging to their victims. They can also take control of victim email accounts and use them to launch further spam and scam campaigns.

American Express would never send an unsolicited email asking customers to click a link to update account details. And, genuine American Express emails will always greet customers by their names. It will never use generic greetings such as “Dear Customer”. The company has published information about phishing scams and how to report them on its website.

Phishing scammers continue to attack Internet users all over the world and many users continue to fall for their tricks. Be cautious of any unsolicited message that claims that you must provide account information by clicking a link or opening an attached file. It is always safest to access all of your online accounts by typing the account address into your browser’s address bar rather than by clicking an email link.


Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer