Email Phishing Alert: “Your American Express Forgotten User ID”

Recently we have seen a few emails related to the same phishing attempt make it through our email antispam filter service.

Details of the AMEX phishing email scam.

  • The email appears to be from American Express with a spoofed email address of AmericanExpress@welcome.aexp.com.
  • The subject line is Your American Express Forgotten User ID.
  • The links embedded in the email do not go to an American Express website. They point to a pianco.com.br website.

If you are using Outlook, you can preview the link URL by hovering your mouse over the hyperlink before clicking.

hover over link in outlook to see URL

hover over a link in Outlook to preview the actual website address

Here is a screen shot of this particular email. If you received it or one similar to it, do not click on the the links.

amex-email-phishing

screenshot of the phishing email presenting itself as “AMEX”

A word of caution when dealing with financial institutions online.

Banks and credit card companies will not ask you to verify account information like social security number, account ID, or date of birth via email. Also, if you don’t have services from the company then don’t click on the link.

  • eppand

    We are seeing another waive of AMEX phishing emails. Be on alert.

    • Joe Champagne

      I just received a similar message to this, except in my case there’s an HTML attachment they wanted me to open. Should also note that this reached my corporate email, as well; somehow it slipped through our Radiant filters.

  • Native_New_Yorker

    Just got one of these this morning!!!!

  • http://www.jpatkinson.co.uk John A

    Seeing a lot of these in the UK under the Guise of HMRC concerning a VAT return with a nice .zip attachment as well as other financial institutions like HSBC Bank

    • http://www.LTnow.com Zac Parsons

      They do seem to be coming more fast and furious lately. I received one yesterday claiming to be a utility bill.

      Thanks for the update from the UK!

  • wlm

    I receive notification from our system that emails from fraud@aexp.com have been rejected. This happens 2 or 3 times a week.

    • eppand

      The postmaster@ emails do seem to be on an up tick. We are seeing them with an attached .zip file. An obvious fradulant email for us because we don’t utilize that mailbox for system messages.