August 12, 2019

American Express is a big business brand name. The company made $40 billion of revenue in 2018 and remains one of the top credit card companies with around 58 million cardholders. Big names mean big phishing opportunities for cybercriminals.

This phishing scam is a general mass delivery scam; the hope is that even a few clicks on the link will harvest enough payback to make it worthwhile for the fraudster behind the scam.

So, it is no surprise that this week’s scam of the week is an American Express email phishing scam.

What the American Express Email Phishing Scam Looks Like

American Express Phishing Scam

The use of American Express and other well-known credit cards brands to scam people out of money is nothing new. This week’s scam is a quite traditional scam in the scheme of phishing emails. It has the following elements:

  1. Branding that looks like American Express. This helps to convince the recipient it is real.
  2. Fear, Uncertainty, and Doubt (FUD). This is social engineering at its best. The spoof email encourages concern about an “invalid login attempt” which has led to your account being suspended. This, the scammers’ hope will initiate a knee-jerk reaction to click on the link in the email to reactivate your account and check everything is OK.

If you are an American Express customer, you may well be tricked into clicking a malicious link with this combination of a known brand and worry over an account compromise.

How Can You Tell This is a Scam?

As is often the case with non-targeted, mass delivered, email phishing scams, the fraudsters make a few mistakes. We can use these mistakes to check the legitimacy of the email. These are the tell-tale signs of this week’s scam:

  1. The salutation was “Dear Valued Customer”. If this email was really from American Express about a possibly compromised account, they would use your actual name.
  2. The email sender address was clearly not an American Express email address:


  1. There were some grammatical/formatting errors in the email body text, such as:

À merican Express Limited (showing an inflection on the A and a space between the A and m)

  1. The link was presented as www.americanexpress.com/secured/updates but resolved as a completely different URL.

What Happens if You Click the Link in the Phishing Email?

We used an online analyser to check what was inside the link. The site was blacklisted as a phishing site. Opening the site presents a spoof American Express page that requests personal information such as name, address, etc.

American Express Phishing Scam

If you do receive a suspicious email like the one in this week’s scam post:

  1. Avoid clicking on any link in the suspicious email.
  2. If you click the link, never enter personal data, including login credentials, into a suspicious website

Sometimes, spoof sites that open after clicking a malicious link are also infected with malware. So always keep your computer patched and software up to date.

If you receive an email from American Express that looks suspicious, forward it to: UKemailfraud@americanexpress.com


Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:

The American Express Email Phishing Scam 

An email that looks like it is from American Express is a scam that is trying to steal personal data. The email will be branded with American Express logos and colours. It will state that an illicit attempt to access your account has been made. The email encourages you to click  a link to reactivate the account


If you receive this email, inform your IT department or forward the email to:UKemailfraud@americanexpress.com

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

Share this: