Select Page

AMEX Fraud Alert – Irregular Card Activity – OH NO! This sounds really important!

Well, it is, but likely not in the way you are thinking. The Fraud Alert is, this email is a Phishing Email – a Scam, looking to steal personal information from you.

AMEX Fraud Alert – The Phishing Email on my iPhone

Today, I received the following AMEX Fraud Alert email, on my iPhone…

AMEX Fraud Alert : Irregular Card Activity

Wow, it really looks official…

Or does it?

AMEX Fraud Alert – WARNING: Phishing Email

So, what about this email, from American Express, set off the WARNING buzzers for me?

Let’s look at it a little harder, shall we?

  • Is an elitest, exclusive, membership-only, credit card company, going to address me as “Dear Customer” instead of my real name?
  • Would the AMEX Fraud Department make such a mistake so that the text “Check Card 1st October, 2013” wasn’t in correct paragraph alignment or style, with the rest of their email?
  • Does the AMEX Fraud Department or Accounting system use the date format of “1st October, 2013″ instead of the standard U.S. October 1st, 2013” format?
  • Does the AMEX Fraud Department or Web Development Team know so little about email marketing that they can’t get the sentences and text, to flow correctly, throughout most of the email?
  • Is the AMEX Fraud Department so lazy that they would spell out the URL, with emphasis on the “https” or would they provide a professionally styled button, or at the very least, a simplified link?
  • Is the AMEX Fraud Department going to forget to provide a webpage version, of the email, for people who can’t view HTML emails?
  • Is the AMEX Fraud Department going to send an email, about a financial account, without a single legal disclosure?

Is it possible for some of these issues to occur, in a professionally created email?

Sure! I make mistakes and so does the rest of humanity.

Is it possible for all of these issues to occur, in a professionally created email?

Is it possible? Yes.

Is it likely? NO!

There is one more piece, which my iPhone Screenshot (above) didn’t capture, too. The “FROM” & “TO” lines, of this AMEX Fraud Alert email header, reads like one of those chain emails and not one of the email addresses, in the “FROM” line, was from American Express. You will be able to see, more about what I’m referring to here, as you keep reading.

AMEX Fraud Alert – More WARNING buzzers

WARNING – WARNING – WARNING…

If you read the list of questions above and yet, still aren’t sure if the email is legitimate, view the email on your desktop or laptop computer – WARNING: DON’T CLICK ON ANYTHING, IN THE EMAIL!

Here is what happens, when I open the same email, I showed above, on my laptop:

AMEX Fraud Alert - Phishing Email

Yes, I blacked out my email address.

The email doesn’t even look like an email, any more. Its just raw HTML code.

Since the person who created this email, wasn’t very good, you can actually see: “https://www.americanexpress.com” URL is actually programmed to take you to: http://005f189.netsolhost.com/aruba/index.html – WARNING: PLEASE, DO NOT TRY TO GO THERE!

Why is linking to another website important?

Well, because American Express doesn’t own it! Who knows what you might find or what might find you, at that URL.

Don’t Just Delete

When most people, get to this point, they simply delete the email. Some more savvy users will mark the message as a “Junk” or “Spam” message.

However, you should take it one step further.

Report this email, to your email provider (I.E. Apple, Google, Yahoo or etc.) and your ISP (Internet Service Provider). most often these emails will start out like this:

abuse@
spam@

Each service provider may want the email reported in a different way, but most simply want the email forwarded to them with the extended header. I’m not going to go into great detail about what the “extended header” is, but your service provider can help you, report this type of email, correctly.

Apple has a great little article, called: Identifying fraudulent “phishing” email


For me, this email was an easy one to catch, because I don’t have an American Express card!

However, as I pointed out before, I wasn’t the only person this AMEX Fraud Alert email was sent to. The scam artist is counting on other people to be less informed. It is also very likely many hundreds of thousands, if not millions of people, were targeted with this same AMEX Fraud Alert email, or a very similar one.

IMPORTANT: If you opened a link, in an email like this, you may very well have a long fight on your hands. I recommend disconnecting the internet, from your computer and leaving it, in the exact power state, it is in, at this time. Then, I suggest you take the next couple of hours, to contact the following list, in order:

  1. The local police and/or regional FBI office – if you provided any personal or financial information, after clicking on a link, like the one I describe here, you need to file a report. It is very important to note, they may or may not be able to help you, depending on each individual circumstance, but having a report filed, may be beneficial to you, if any legal or financial issues arise, due to this unfortunate situation.
  2. All financial institutions, you have accounts with – if you have done ANY business, with ANY financial institution, online, you need to contact those institutions. They will have a process in place, for your situation.
  3. A trusted computer technician – to check for malware, spyware, trojans and viruses. This person may seem like the first priority, but they are NOT. If your situation needs to be documented further or if the authorities need access to your computer (or cell phone) they will need it, before your computer technician gets his/her hands on it.