Strange Email from Amex

Old Aug 29, 18, 1:25 pm
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Sep 2002
Location: LAX/TPE
Programs: CO Platinum 1K, United 1K, SPG LT Platinum, National Executive Elite, Platinum TSA Hater
Posts: 36,203
Strange Email from Amex

I've been receiving these emails for the past few days with a HTML attachment that I've obviously never opened or downloaded. I suspect it's spam, but I was curious if anyone else has ever received something similar:

The sender is [email protected] but it's actually showing as American Express [email protected] which seems to indicate a spam/phishing attempt.

Dear Cardmember,

To meet government guidelines that prevent money laundering and terrorist financing, financial institutions must maintain current information about their customers. Therefore, we are requesting that our customers update their profiles.

For this reason, new charges on your accounts may be declined, we advise you start your update right away.

To start, An attached HTML Webpage Fillable Web Form is sent with this message.

- See Attached Form, Download and Open to Continue.

- This has been uniquely Prefilled for you.

- You’ll need to complete some steps to ensure the security of your account.

- Finish steps by filling out the Form.


Your prompt response regarding this matter is appreciated.


Sincerely,

American Express Customer Service
bocastephen is online now  
Old Aug 29, 18, 1:29 pm
  #2  
 
Join Date: Jun 2013
Posts: 7,246
Why wouldn't you be instructed to go to the website and update your profile?
I'd call Amex about this. It smells like phish and they probably want to know about it.
bocastephen likes this.
rickg523 is offline  
Old Aug 29, 18, 1:32 pm
  #3  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 92,308
I agree that you should report this to AmEx (and also watch for suspicious account activity, especially assuming if they used the email address attached to your AmEx account(s)).
bocastephen and hi55us like this.
MSPeconomist is offline  
Old Aug 29, 18, 2:25 pm
  #4  
mia
A FlyerTalk Posting Legend, Moderator: American Express, Citi, Diners Club, Signatures
 
Join Date: Jun 2003
Location: Miami & London
Programs: AA & Marriott Perpetual Platinum; HH Gold
Posts: 42,406
https://www.americanexpress.com/us/security-center/

Forward to: [email protected]
forumpersona999 likes this.
mia is offline  
Old Aug 29, 18, 2:58 pm
  #5  
 
Join Date: Dec 2010
Location: YYZ
Programs: AMEX AC CX UA AA DL
Posts: 2,991
The email you received is full of red flags.

- "Dear Cardmember" instead of your name
- download attachment
- attachment is html
beep88 is offline  
Old Aug 29, 18, 3:59 pm
  #6  
 
Join Date: Apr 2006
Location: PHX
Programs: US,HH
Posts: 632
100% guarantee you it is a phishing attempt.
jtc246 and hi55us like this.
kellio33 is offline  
Old Aug 31, 18, 5:21 am
  #7  
 
Join Date: Feb 2012
Posts: 3,001
All suspected phishing emails should be forwarded to the company involved. The email address of this format will work with most or all: [email protected](company's domain)
MaxVO is offline  
Old Aug 31, 18, 5:52 am
  #8  
Suspended
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,270
The entire goal of phishing emails is to get you to act quickly.

Anytime you are asked to download or clock through, your immediate reaction ought to be to call (the number on your card, not a number listed on the email).

If by some chance this happened to be a poorly-done but legitimate requirement, you would then learn that from your call.
hi55us likes this.
Often1 is offline  
Old Sep 1, 18, 10:14 pm
  #9  
 
Join Date: Jun 2018
Posts: 9
uhm, I think you better call them to make sure, the cost for doing the wrong thing about your account is too high.
PeterDoe is offline  
Old Sep 2, 18, 5:21 am
  #10  
mia
A FlyerTalk Posting Legend, Moderator: American Express, Citi, Diners Club, Signatures
 
Join Date: Jun 2003
Location: Miami & London
Programs: AA & Marriott Perpetual Platinum; HH Gold
Posts: 42,406
Originally Posted by PeterDoe View Post
...cost for doing the wrong thing about your account is too high.
In my experience, if I forward an email to the sender's [email protected] address they will contact me if it is actually legitimate, in part because they want to understand why I thought otherwise.
mia is offline  
Old Sep 2, 18, 11:02 am
  #11  
 
Join Date: Mar 2012
Location: Boulder
Programs: AA Plat, CX Silver
Posts: 2,357
Originally Posted by mia View Post
In my experience, if I forward an email to the sender's [email protected] address they will contact me if it is actually legitimate, in part because they want to understand why I thought otherwise.
Mostly the infosec team want to arm themselves for when they go lecture the marketing department (or whoever) about their bad security practices.
txflyer77 is offline  
Old Sep 4, 18, 4:55 pm
  #12  
 
Join Date: Mar 2005
Location: Tampa
Programs: UA 1K; PC RA
Posts: 93
Originally Posted by bocastephen View Post
I've been receiving these emails for the past few days with a HTML attachment that I've obviously never opened or downloaded. I suspect it's spam, but I was curious if anyone else has ever received something similar:

The sender is [email protected] but it's actually showing as American Express [email protected] which seems to indicate a spam/phishing attempt.

I received the same email over the weekend, and from analyzing its headers, and using compartmentalized email addresses, it appears that whoever sent this got my individualized email address from a FL Department of Corporations filing. There may have been a leak from there (or it was an inside harvesting job).

Perhaps as a Florida resident, you have in the past filed something with the same guys and were harvested the same way.

Just guessing...
bocastephen likes this.
gwarboy is offline  

Thread Tools
Search this Thread
Search Engine: