News and analysis by John Colascione.

This AMEX Email Phishing Scam Wants You Homeless & Poor, With A Zero FICO Score

PALM BEACH, FL – Nothing could better destroy your holiday spirit than a compromise of your most secure personal information in the form of a phishing expedition. Here is one of the latest email scams circulating in what is probably hundreds of thousands of inboxes, just in time for Christmas.

Here is how it all plays out: You receive an email which appears to be from American Express, but it isn’t; it’s from some unscrupulous hacker hiding somewhere behind a computer who is looking to steal your identity.

Fake American Express Email (Classic Email Phishing Attempt)

A fake email which looks to be sent from American Express. Red flag #1 – it is addressing the recipient as “Customer” and not by name. It also doesn’t include any account information whatsoever.

Hovering Over the Fake Button

After clicking on the button in the fake email, users are sent to a fake website which is designed to look identical to an authentic American Express website. A link shortening service called Bitly is being used to hide the long, fraudulent-looking site address which will be visited.

Hovering over the blue “Confirm Your Identity” button reveals a link shortening service being used to hide the true location which will be visited.

A Better Look at the Sender (Fake)

A special Unicode or Latin character is being used, likely to bypass spam filters which are already configured to look for mail that claims to come from American Express but is not sent from an authentic domain. The email is actually being sent from a server controlled by the domain name “Reagan.com”, which was probably compromised specifically for the purpose of sending these emails. The server will likely be used until the compromise is discovered, and then this criminal will move on to the next hacked server victim. Nothing appears in the ‘to’ field, which indicates the ‘BCC’ field was likely used.
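The sender check described above can be automated. The following is an added example, not code from the original article: it decodes the From: display name, folds accented and lookalike letters to ASCII, and flags a name that reads as American Express but comes from a domain outside the two the article names as authentic. The lookalike map and the sample mailbox names are assumptions made for illustration.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Domains the article identifies as authentic American Express senders.
TRUSTED_DOMAINS = {"americanexpress.com", "aexp.com"}
BRAND = "americanexpress"

# Illustrative lookalike map (Cyrillic/Latin letters that render like ASCII).
# Assumption: a tiny subset, not the full Unicode confusables table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0131": "i"}

def skeleton(text):
    """Reduce a display name to lowercase ASCII letters and digits."""
    out = []
    for ch in unicodedata.normalize("NFKD", text):
        if unicodedata.combining(ch):
            continue  # drop accents, so an accented "e" becomes "e"
        ch = CONFUSABLES.get(ch.lower(), ch.lower())
        if ch.isascii() and ch.isalnum():
            out.append(ch)
    return "".join(out)

def check_sender(from_header):
    """Return a list of findings for one From: header value."""
    raw_name, addr = parseaddr(from_header)
    name = str(make_header(decode_header(raw_name)))  # decode RFC 2047 words
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d)
                  for d in TRUSTED_DOMAINS)
    findings = []
    if BRAND in skeleton(name):
        if not name.isascii():
            findings.append("lookalike-characters-in-display-name")
        if not trusted:
            findings.append("brand-name-from-untrusted-domain")
    return findings

# Constructed samples: the mailbox names and the lookalike characters are
# invented; the domains are the ones named in the article.
FAKE_ACCENT = "=?UTF-8?Q?Am=C3=A9rican_Express?= <alerts@reagan.com>"
FAKE_CYRILLIC = "Americ\u0430n Express <alerts@reagan.com>"
REAL = "American Express <AmericanExpress@welcome.aexp.com>"

if __name__ == "__main__":
    for sample in (FAKE_ACCENT, FAKE_CYRILLIC, REAL):
        print(check_sender(sample))
```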

American Express Email (Real)

What a genuine email from American Express looks like. As you can see, the fake email template is using a confusingly similar look and feel (design).

It is increasingly important to examine very closely any email you receive which suggests you log in anywhere or enter any personally identifiable information. This applies especially to financial accounts, yet anything that stores any of your personal information can be used to compromise your safety and security.

AMEX Button Link (Real Email)

The real AMEX email brings you to an authentic “AmericanExpress.com” domain name. If you haven’t already, you should get into the habit of hovering over links and looking at your browser’s task bar to see where you will wind up when clicking on a link, but be careful: these too can be spoofed if the hacker is very educated on JavaScript.

A Better Look at the Sender (Real Email)

Hovering over the tab will show that this email has been sent from welcome.aexp.com, an authentic American Express domain name. It is also marked by Google’s Gmail as ‘important’ as it has been sent directly to me.

Clicking on the tab on the top left lets you see a little more about the sender of the email and who exactly it was sent to. The above feature is shown in Gmail, but most if not all email clients have a similar feature.

The Sneaky Redirect (Linked from the Fake Button)

The short, cleaner-looking link uses what is called a “301” server-side redirect which, as soon as it loads, just sends (or redirects) people to a different web address. Many people do not even notice the redirect take place. Ordinarily, these redirects are helpful to web site owners who change their web address and want visitors to find the correct location; here it is being used for trickery.

This is a server header checker tool, which shows that when the Bitly link is loaded it immediately redirects to a website at the address DiamondSettingsNYC.com. That site is probably hacked, and its owner may not even know there is a file (vars.php) placed in the site’s root file area for the single purpose of redirecting users.
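What the header checker shows can be evaluated mechanically. The following is an added example, not from the original article: it reads captured response headers hop by hop and reports a shortener start, each redirect, and a final page that is neither on an American Express domain nor served over HTTPS. The capture is constructed; the short-link path, the URL schemes, the second hop and the `fake-login.example` host are assumptions.

```python
import email
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"bit.ly", "bitly.com"}
TRUSTED_DOMAINS = {"americanexpress.com", "aexp.com"}  # named in the article
REDIRECT_CODES = {301, 302, 303, 307, 308}

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def parse_response(raw):
    """Return (status code, Location header or None) from raw headers."""
    status_line, _, header_block = raw.partition("\n")
    headers = email.message_from_string(header_block)
    return int(status_line.split()[1]), headers.get("Location")

def audit_chain(start_url, raw_responses):
    """Walk captured responses hop by hop; return (final URL, findings)."""
    url, findings = start_url, []
    if in_domains(host_of(url), SHORTENERS):
        findings.append("shortener-hides-destination")
    for raw in raw_responses:
        code, location = parse_response(raw)
        if code in REDIRECT_CODES and location:
            url = urljoin(url, location)  # Location may be relative
            findings.append(f"{code}-redirect-to-{host_of(url)}")
    if not in_domains(host_of(url), TRUSTED_DOMAINS):
        findings.append("final-host-not-american-express")
    if urlsplit(url).scheme != "https":
        findings.append("final-page-not-https")
    return url, findings

# Constructed capture: placeholder short link, then the redirecting file
# the article describes, then a made-up landing host.
START = "https://bit.ly/PLACEHOLDER"
CAPTURE = [
    "HTTP/1.1 301 Moved Permanently\n"
    "Location: http://diamondsettingsnyc.com/vars.php\n\n",
    "HTTP/1.1 302 Found\nLocation: http://fake-login.example/\n\n",
    "HTTP/1.1 200 OK\nContent-Type: text/html\n\n",
]

if __name__ == "__main__":
    print(audit_chain(START, CAPTURE))
```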

The Fake Website (Here Is Where They Really Do The Damage)

This is the fake website which is about to steal your username and password for your real account. Take notice that at the top of the address bar there is an unlocked icon letting you know that this is not a secure domain name and doesn’t have an SSL (Secure Sockets Layer) connection; a huge red flag. American Express would never operate on an insecure site.
This little ‘unlocked’ icon tells you this site is NOT secure (not providing a secure connection). This is what the insecure icon looks like in Firefox.
In Google Chrome the words “Not Secure” appear to the left without the unlocked icon. It doesn’t always appear in red so you should take note of this.

Second Page To Steal More Of Your Information

This is the first time I’ve seen a second page to acquire more information. Usually after the username and password are obtained, the site will just redirect to the real login page, making the person think they typed their credentials incorrectly, but this hacker wants as much information as they can get and I guess they figure, good chance if you’ve gotten this far, there is more to be stolen in this single sitting.

Third Page To Steal, Even More!

Geez, these hackers really aren’t playing around; they want a treasure trove of information so they can sell it off for years to come; probably the victim’s entire lifetime. They are asking for the PIN#, mother’s birthday, place of birth, and the name of some unlucky person’s first elementary school.

The End of this Compromising Run-a-Round Scheme

This is your final destination. You have now been completely raped of just about as much personal information as necessary to make your life a living hell and potentially cause horrendous damage to your credit and FICO score. Hopefully you already have a house and car and everything you need.

This is where you end up if you are truly unlucky enough to have completed this entire process. All that is left for you to do now is log in and see all of your ordinary information while some criminal is off to the dark-net web to distribute and sell your most secure personal information.

Other Scams to Look-Out For

What do I do if I receive a phishing email claiming to come from American Express?

Be sure to follow this site to stay up to date with some of the latest security and privacy issues. I don’t always have the time to detail them as much as I would like, but when I can, I’ll certainly keep you in the loop of what to look out for, so that you don’t wind up homeless and poor, with a zero FICO score.

PLEASE NOTE: THE IMAGE OF EMAILS LABELED (FAKE) WERE NOT SENT FROM AMERICAN EXPRESS®. IF YOU RECEIVE IT, IT’S A FAKE. IT IS BEING USED AS AN EXAMPLE OF AN ACTUAL “PHISHING” EMAIL I RECEIVED. THIS IS HERE TO HELP OTHERS AVOID SIMILAR FAKE EMAILS AS WELL AS TO ILLUSTRATE HOW THESE PHISHING SCAMS WORK IN DETAIL.
