Yellow Phishing Scam Sign on Keyboard
Home ScamsPhishing Scams American Express ‘Security Verification’ Phishing Scam

American Express ‘Security Verification’ Phishing Scam

by Brett M. Christensen

Outline

Email purporting to be from American Express claims recipients must open an attached file and fill in a form in order to verify their American Express account information.

Brief Analysis

The email is not from American Express. It is a phishing scam designed to trick recipients into divulging financial and personal information to Internet fraudsters.

Example

Subject: Your American Express Membership Security Verification®

Dear Customer,

During your regulry scheduled accounts manintenance verification procedure,we have detected a slight error regarding your American Express Account.

This might be due to one of the following reasons.

1. A recent change in your personal information (i.e address changing)
2. Submitting invalid information during sign up process
3. Multiple failed logins in your personal account
4. An inability to accurately verify your selected optional payment due to an internal error within our system

Please verify your information by Downloading the Attachment file and open in a browser to Continue

*If your account information is not verified within 48 hours then your ability yo access your account will be restricted.

 

Thank You.
American Express Company

 

Copyright © 2012 American Express Company. All right reserved.

Screenshot of the attached file:
AmEx Phishing Scam Email

 

Detailed Analysis

According to this email, which claims to be from American Express, a “slight error” has been detected in the recipient’s American Express account that needs to be rectified. The message claims that, unless the recipient opens an attached file and verifies account information within 48 hours, access to the account will be restricted.

However, the email is, in fact, a scam and has no connection with American Express whatsoever. Those who fall for the ruse and open the attached file will be asked to provide a large amount of personal and financial information via a web form that opens in their browser. The supposed “Card Membership Verification” form asks for credit card details, including the card’s ATM PIN as well as the user’s social security number and other identifying information along with address and contact details. The form even asks the user to provide a password for his or her email account.

But, alas, all of the information submitted on the fake form will be sent to online criminals and subsequently used to steal the identities of victims as well as use their credit card details to conduct fraudulent transactions. The scammers may also hijack the email accounts of victims and use the compromised accounts to conduct further spam and scam campaigns.

American Express would never ask its customers to verify account details by filling in an unsecure form contained in an email attachment or accessed via a clicked link. Nor would any other legitimate financial entity. Such phishing scams are very common. Other credit cards service providers, including Visa, are also regularly targeted in similar phishing scams. Be wary of any email purporting to be from a financial service provider that claims that you are required to verify your account by clicking a link or opening an attachment. This is a very common criminal ploy. If you receive such an email, do not click on any links or open any attachments that it contains.

It is always safest to login to your online accounts by entering the account web address into your browser’s address bar.  


Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer