Strange Email from Amex

Reply Subscribe

Thread Tools

Search this Thread

Aug 29, 2018, 1:25 pm

bocastephen

A FlyerTalk Posting Legend

Original Poster

Join Date: Sep 2002

Location: LAX/TPE

Programs: United 1K, JAL Sapphire, SPG Lifetime Platinum, National Executive Elite, Hertz PC, Avis PC

Posts: 42,211

Strange Email from Amex

I've been receiving these emails for the past few days with a HTML attachment that I've obviously never opened or downloaded. I suspect it's spam, but I was curious if anyone else has ever received something similar:

The sender is [email protected] but it's actually showing as American Express [email protected] which seems to indicate a spam/phishing attempt.

Quote:

Dear Cardmember,

To meet government guidelines that prevent money laundering and terrorist financing, financial institutions must maintain current information about their customers. Therefore, we are requesting that our customers update their profiles.

For this reason, new charges on your accounts may be declined, we advise you start your update right away.

To start, An attached HTML Webpage Fillable Web Form is sent with this message.

- See Attached Form, Download and Open to Continue.

- This has been uniquely Prefilled for you.

- You’ll need to complete some steps to ensure the security of your account.

- Finish steps by filling out the Form.

Your prompt response regarding this matter is appreciated.

Sincerely,

American Express Customer Service

Aug 29, 2018, 1:29 pm

rickg523

FlyerTalk Evangelist

Join Date: Jun 2013

Posts: 17,457

Why wouldn't you be instructed to go to the website and update your profile?
I'd call Amex about this. It smells like phish and they probably want to know about it.

bocastephen likes this.

Aug 29, 2018, 1:32 pm

MSPeconomist

A FlyerTalk Posting Legend

Join Date: Sep 2009

Location: Minneapolis: DL DM charter 2.3MM

Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM

Posts: 100,413

I agree that you should report this to AmEx (and also watch for suspicious account activity, especially assuming if they used the email address attached to your AmEx account(s)).

bocastephen and hi55us like this.

Aug 29, 2018, 2:25 pm

mia

Moderator

Join Date: Jun 2003

Location: Miami, Mpls & London

Programs: AA & Marriott Perpetual Platinum; DL & HH Gold

Posts: 48,958

https://www.americanexpress.com/us/security-center/

Forward to: [email protected]

forumpersona999 likes this.

Aug 29, 2018, 2:58 pm

beep88

Join Date: Dec 2010

Location: YYZ

Programs: AMEX AC CX UA AA DL

Posts: 3,008

The email you received is full of red flags.

- "Dear Cardmember" instead of your name
- download attachment
- attachment is html

bocastephen, thunderlounge, rickg523 and 3 others like this.

Aug 29, 2018, 3:59 pm

kellio33

Join Date: Apr 2006

Location: PHX

Programs: US,HH

Posts: 636

100% guarantee you it is a phishing attempt.

jtc246 and hi55us like this.

Aug 31, 2018, 5:21 am

MaxVO

Join Date: Feb 2012

Posts: 4,477

All suspected phishing emails should be forwarded to the company involved. The email address of this format will work with most or all: spoof@(company's domain)

Aug 31, 2018, 5:52 am

Often1

Suspended

Join Date: Aug 2010

Location: DCA

Programs: UA US CO AA DL FL

Posts: 50,262

The entire goal of phishing emails is to get you to act quickly.

Anytime you are asked to download or clock through, your immediate reaction ought to be to call (the number on your card, not a number listed on the email).

If by some chance this happened to be a poorly-done but legitimate requirement, you would then learn that from your call.

hi55us likes this.

Sep 1, 2018, 10:14 pm

PeterDoe

Join Date: Jun 2018

Posts: 9

uhm, I think you better call them to make sure, the cost for doing the wrong thing about your account is too high.

Sep 2, 2018, 5:21 am

#10

mia

Moderator

Join Date: Jun 2003

Location: Miami, Mpls & London

Programs: AA & Marriott Perpetual Platinum; DL & HH Gold

Posts: 48,958

Quote:

Originally Posted by PeterDoe

...cost for doing the wrong thing about your account is too high.

In my experience, if I forward an email to the sender's spoof@ address they will contact me if it is actually legitimate, in part because they want to understand why I thought otherwise.

Sep 2, 2018, 11:02 am

#11

txflyer77

Join Date: Mar 2012

Location: Boulder

Programs: AA Plat, CX Silver

Posts: 2,361

Quote:

Originally Posted by mia

In my experience, if I forward an email to the sender's spoof@ address they will contact me if it is actually legitimate, in part because they want to understand why I thought otherwise.

Mostly the infosec team want to arm themselves for when they go lecture the marketing department (or whoever) about their bad security practices.

Sep 4, 2018, 4:55 pm

#12

gwarboy

Join Date: Mar 2005

Location: Tampa

Programs: UA 1K; PC RA

Posts: 93

Quote:

Originally Posted by bocastephen

I received the same email over the weekend, and from analyzing its headers, and using compartmentalized email addresses, it appears that whoever sent this got my individualized email address from a FL Department of Corporations filing. There may have been a leak from there (or it was an inside harvesting job).

Perhaps as a Florida resident, you have in the past filed something with the same guys and were harvested the same way.

Just guessing...

bocastephen likes this.

Reply Subscribe

Reply Share

First
Prev
1 / 1
Next
Last

Forum Jump