Phishing Hook In Credit Card
Home ScamsPhishing Scams American Express ‘IrregularActivity’ Phishing Scam

American Express ‘IrregularActivity’ Phishing Scam

by Brett M. Christensen


Email purporting to be from credit card provider American Express claims that irregular and unusual activity has been detected on your account and you must click a link to verify your details or the account will be restricted. 

Brief Analysis

The email is not from American Express. The message is a scam designed to trick AmEx customers into giving a large amount of personal and financial data to Internet criminals.


Subject: We noticed unusual activity in your American Express account

Dear Valued Customer,
We detected irregular activity on your American Express.

Check Card on 8th October 2013.

As the Primary Contact, you must verify your account activity before you can continue using your card, and upon verification, we will remove any restrictions placed on your account.

To review your account as soon as possible please.

Please click on the link below to verify your information with us:
[Link Removed]

If you account information is not updated within 48 hours then your ability to access your account will be restricted.

We appreciate your prompt attention to this important matter.

©2013 American Express Company. All rights reserved.


Detailed Analysis

According to this email, which purports to be from credit card provider American Express, irregular and unusual activity has been detected on the recipient’s American Express account. The email warns that, unless the recipient clicks a link to update information within 48 hours, restrictions will be placed on the account.

However, the email is not from American Express. Instead, it is a quite typical phishing scam designed to extract personal and financial information from American Express customers. 
The initial email is quite a crude attempt. Paradoxically, however, the bogus web pages used in the scam are fairly sophisticated.

Those panicked into clicking the link in the scam email will first be taken to a bogus page designed to look like a genuine AmEx webpage and asked to log in with their user ID and password:
American Express Scam Page

After “logging in” on the bogus site, the following “security message” will be displayed:

Your security is very important to us.Because of high numbers of identity theft attempts we need to apply additional security to your account in order to keep our Cardmember safe.


Every couples of month we will screen this alert to your account and we will ask you to update your Personal information.


This way we reduce the risk of identity theft and all your personal informations will be kept safe.

This is not an optional step, if you do not complete the next form we will be forced to Lock your account.

Please press Continue and complete the form on the next page as soon as possible.

After pressing “Continue”, they will be presented with a form that asks for credit card data as well as a large amount of personal information:

AmEx Scam Update Form

Next, another form will appear that asks them to input both their email address and email account password, supposedly as a means of proving their identity:

American Express Scam Update Form

Finally, they will be automatically redirected to the genuine American Express website.

Meanwhile, the scammers can harvest all of the information submitted via the bogus forms. Using this stolen information, the scammers can hijack American Express and email accounts belonging to their victims and lock out the rightful owners. They may also use the harvested information to steal the identities of victims.

American Express customers are regularly targeted in such phishing campaigns. Phishing continues to be a very common type of criminal activity. Be wary of any unsolicited message that claims that you must click a link or open an attached file to rectify a supposed issue with your online account.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,