Ask Dave Taylor
  • Facebook
  • Instagram
  • Linkedin
  • Pinterest
  • Twitter
  • YouTube
  • Home
  • YouTube Videos
  • Top Categories
  • Subscribe via Email
  • Ask A Question
  • Meet Dave
  • Home
  • Computer & Internet Basics
  • Not Logged In To AmEx Account Recently?

Not Logged In To AmEx Account Recently?

May 28, 2018 / Dave Taylor / Computer & Internet Basics, Spam, Scams & Security / No Comments

I got an email from American Express saying that I hadn’t logged into my account in a while and asking me to verify my info. Seems suspicious. How can I tell if it’s legit?

I don’t even need to see the email to definitely answer that it’s not legitimate and that it’s a scam, probably what’s known as a “phishing” attack. This is a form of attack where criminals try to trick you into revealing personally identifiable information, credit card numbers, login credentials or similar. What’s worse is that they can be ridiculously well done and at their worst, almost indistinguishable from the real Web site or service.

The American Express (AmEx) email you forwarded along isn’t quite that well done, but the bad guys have clearly spent some time trying to do something that will fool some of the people some of the time. And all too often, that’s good enough if you’re sending it to a million people or more, right? The real answer to any of these threats, therefore, is to have a high degree of skepticism about any email that tells you that you need to click on a link or button.

But let’s dig into this email a bit too…

bogus fake phishing amex american express email

It looks legit on first glance, but there are warning signs here. First, AmEx isn’t going to send an email to “Recipients”: it’d be to you explicitly. There’s also a grammatical error in the first paragraph: “you have not login your account in a while” should be “not logged in”, of course. But let’s say that you missed all the clues and moved your cursor over “this link” in the middle of the message.

Here’s what you’ll see in most decent email programs, a preview of the link:

url hover not amex phishing email

You should all-stop here. There is zero chance that American Express is using a site called “nicatel.net” for anything related to your account, let along a page that’s pretty clearly hidden on an unwitting server as part of the phishing scam. 🙁

But hey, you’re moving fast and so you actually do click on the link. Here’s what you’ll get after a few redirect bounces:

fake bogus amex login screen

Looks completely legit, right? Except, no. Look more closely at the address bar. In Google Chrome, at least, it’s warning you that this site is Dangerous, which should indeed be another warning flag. Oh, and that you’re on “tysonn.com” rather than “amex.com” or similar is a bit troubling too, right?

As with most of these phishing sites, you can enter literally any bogus, made up values to proceed through if you’re curious, so that’s what I’ll do. A bogus user ID and password and here’s the next thing that the bad guys want me to share:

amex phishing - screen 2

Points for not just asking for your credit card number, but that would be easy for them to obtain if you gave them legit password and account ID information: it’s the additional secret numbers that need to stay secret. Just so not a good idea; if you ever encounter a request for this sort of information, it’s critical that you carefully analyze all the clues to ensure that the page is legit and from the organization you believe you’re interacting with. If not, well, that’s how people get ripped off.

And, finally, enter random junk here, click “Continue” and as the final step, the scammers drop you onto the real American Express site so you can log in again. Or, more likely, just jump to a different task without even really thinking that you just compromised your Amex card in a really egregious way.

real amex login screen

The moral of this story? BE DARN CAREFUL. Really. The bad guys are getting pretty sophisticated. If you do get an email and you’re not sure if it’s legit, then go to your Web browser and type in the URL of the service that seems to have sent the email. Log in, and check for messages. If there aren’t any notifications, updates or messages, then you just sidestepped a scam. Well done.

About the Author: Dave Taylor has been involved with the online world since the early days of the Internet. Author of over 20 technical books, he runs the popular AskDaveTaylor.com tech help site. You can also find his gadget reviews on YouTube and chat with him on Twitter as @DaveTaylor.

Let’s Stay In Touch!

Never miss a single article, review or tutorial here on AskDaveTaylor, sign up for my fun weekly newsletter!
Name: 
Your email address:*
Please enter all required fields
Correct invalid entries
No spam, ever. Promise. Powered by FeedBlitz
Please choose a color:
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by buying you a cup of coffee!
american express, amex, amex scam, identity theft, online privacy, online safety, phishing, phishing attack, phishing scam

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Recent Posts

  • How to Check Energy Recommendations on your Windows Laptop
  • How Do I Customize New Tab Windows in Safari for Mac?
  • Can AI-Generated ChatGPT Text Be Accurately Identified?
  • How to Perform a Microsoft Account Security Audit and Checkup
  • How Can I Customize My Linux Dock / Taskbar?

On Our YouTube Channel

How to: Replace a Switchbot Door Sensor Battery

EMEET Luna vs INNOTRIK Studio Bluetooth Speakerphones -- DEMOS & REVIEW

Categories

  • AdSense, AdWords, and PPC Help (106)
  • Amazon, eBay, and Online Shopping Help (163)
  • Android Help (226)
  • Apple iPad Help (147)
  • Apple Watch Help (53)
  • Articles, Tutorials, and Reviews (346)
  • Auto Tech Help (15)
  • Business Advice (200)
  • ChromeOS Help (31)
  • Computer & Internet Basics (778)
  • d) None of the Above (166)
  • Facebook Help (383)
  • Google, Chrome & Gmail Help (188)
  • HTML & Web Page Design (247)
  • Instagram Help (49)
  • iPhone & iOS Help (623)
  • iPod & MP3 Player Help (173)
  • Kindle & Nook Help (99)
  • LinkedIn Help (88)
  • Linux Help (173)
  • Linux Shell Script Programming (89)
  • Mac & MacOS Help (911)
  • Most Popular (16)
  • Outlook & Office 365 Help (33)
  • PayPal Help (68)
  • Pinterest Help (54)
  • Reddit Help (19)
  • SEO & Marketing (82)
  • Spam, Scams & Security (95)
  • Trade Show News & Updates (23)
  • Twitter Help (220)
  • Video Game Tips (66)
  • Web Site Traffic Tips (62)
  • Windows PC Help (947)
  • Wordpress Help (206)
  • Writing and Publishing (72)
  • YouTube Help (47)
  • YouTube Video Reviews (159)
  • Zoom, Skype & Video Chat Help (62)

Archives

Social Connections:

Ask Dave Taylor


Follow Me on Pinterest
Follow me on Twitter
Follow me on LinkedIn
Follow me on Instagram


AskDaveTaylor on Facebook



microsoft insider mvp


This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this site or on any linked site. Further, please note that by submitting a question or comment you're agreeing to our terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site. Our lawyer says "Thanks for your cooperation."
© 2023 by Dave Taylor. "Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.
Privacy Policy - Terms and Conditions - Accessibility Policy