AMEX Fraud Alert – Irregular Card Activity – OH NO! This sounds really important!
Well, it is, but likely not in the way you are thinking. The Fraud Alert is, this email is a Phishing Email – a Scam, looking to steal personal information from you.
The Phishing Email on my iPhone
Today, I received an AMEX Fraud Alert email, on my iPhone.
* Image(s) Removed Indefinitely
It really looks official!
Or does it?
WARNING: Phishing Email
So, what was it about this email that set off the WARNING buzzers for me?
Let’s look at it a little harder, shall we?
- Is an elitest, exclusive, membership-only, credit card company, going to address me as “Dear Customer” instead of my real name?
- Would the AMEX Fraud Department make such a mistake so that the text “Check Card 1st October, 2013” wasn’t in correct paragraph alignment or style, with the rest of their email?
- Does the AMEX Fraud Department or Accounting system use the date format of “1st October, 2013″ instead of the standard U.S. October 1st, 2013” format?
- Does the AMEX Fraud Department or Web Development Team know so little about email marketing that they can’t get the sentences and text, to flow correctly, throughout most of the email?
- Is the AMEX Fraud Department so lazy that they would spell out the URL, with emphasis on the “https” or would they provide a professionally styled button, or at the very least, a simplified link?
- Is the AMEX Fraud Department going to forget to provide a webpage version, of the email, for people who can’t view HTML emails?
- Is the AMEX Fraud Department going to send an email, about a financial account, without a single legal disclosure?
Is it possible for some of these issues to occur, in a professionally created email?
Sure! I make mistakes and so does the rest of humanity.
Is it possible for all of these issues to occur, in a professionally created email?
Is it possible? Sure.
Is it likely? NO!
There is one more issue that caught my eye, too. The “FROM” & “TO” lines, of this AMEX Fraud Alert email header, reads like one of those chain emails, instead of legitimate email addresses.
More WARNING buzzers
WARNING – WARNING – WARNING…
If you read the list of questions above and yet, still aren’t sure if the email is legitimate, view the email on your desktop or laptop computer, but DO NOT CLICK ON ANYTHING, IN THE EMAIL!
When I open the same email on my laptop the email doesn’t even look like an email any more. Its just raw HTML code.
* Image(s) Removed Indefinitely
Since the person who created this email, wasn’t very good, you can actually see: “https://www.americanexpress.com” URL is actually programmed to take you to: http://005f189.netsolhost.com/aruba/index.html – DO NOT GO TO THIS URL!
Why is linking to another website important?
Well, because American Express does NOT own it! Who knows what you might find or what might find you, at that URL.
Don’t Just Delete
When most people, get to this point, they simply delete the email. Some more savvy users will mark the message as a “Junk” or “Spam” message.
However, you should take it one step further.
Report this email, to your email provider (I.E. Apple, Google, Yahoo or etc.) and your ISP (Internet Service Provider). Most email and internet providers will have emails that start out like this:
Each service provider may want the email reported in a different way, but most simply want the email forwarded to them with the extended header. I’m not going to go into great detail about what the “extended header” is, but your service provider can help you, report this type of email, correctly.
Apple has a great little article, called: Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams.
For me, this email was obviously a scam or phishing email, because I don’t have an American Express card!
However, as I pointed out before, I wasn’t the only person this AMEX Fraud Alert email was sent to. The scam artist is counting on other people being less informed. It is also very likely many hundreds of thousands, if not millions of people, were targeted with this same AMEX Fraud Alert email, or a very similar one.
IMPORTANT: If you opened a link, in an email like this, you may very well have a long fight on your hands. I recommend disconnecting the internet, from your computer and leaving it, in the exact power state, it is in, at this time. Then, I suggest you take the next couple of hours, to contact the following list, in order:
- The local police and/or regional FBI office – if you provided any personal or financial information, after clicking on a link, like the one I describe here, you need to file a report. It is very important to note, they may or may not be able to help you, depending on each individual circumstance, but having a report filed, may be beneficial to you, if any legal or financial issues arise, due to this unfortunate situation.
- All financial institutions, you have accounts with – if you have done ANY business, with ANY financial institution, online, you need to contact those institutions. They will have a process in place, for your situation.
- A trusted computer technician – to check for malware, spyware, trojans and viruses. This person may seem like the first priority, but they are NOT. If your situation needs to be documented further or if the authorities need access to your computer (or cell phone) they will need it, before your computer technician gets his/her hands on it.