The American Express Scam Email: What It Is and How to Protect Yourself From It

Arm Yourself With Knowledge So You Don’t Get Caught by This Scam

American Express customers are receiving various emails that mimic the real deal but be warned; it’s a scam! These sophisticated hoaxes are designed to get you to click a link that instantly infects your computer with a virus or malware. Even worse, many of them dupe you into entering personal data, which is then used to steal your identity. 

What Is the American Express Email Scam?

The American Express email scam has been around for a while, with variants popping up at different times. Some of the emails are obviously fake, but more recent reports of well-written versions are much harder to spot and avoid. Scammers use American Express logos and branding in emails designed to trick customers into clicking a link and visiting a website to enter personal account information. Some look very convincing, but with careful examination and some new tactics, you can avoid getting caught by this scam. 

A conceptual illustration of an American Express email scammer.
 Lifewire / Theresa Chiechi

How Does the American Express Email Scam Work?

Scammers use emails to try to get American Express customers to hand over their credit card numbers, birth date, social security number, and other personal information so they can use it to steal their identities. 

An American Express phishing email is one that is formatted to look and sound like it came from American Express. They generally use scare tactics, and the message contains a sense of urgency with vague threats of locking or closing your credit card account if you do not comply immediately. Sometimes these emails ask you to “verify your user ID.” Some emails even include legitimate-looking transaction details and claim to come from the fraud detection department, asking you to respond quickly to the charges listed. In some cases, scammers use terminology that sounds like cardholders are getting an upgrade to their account. They use various techniques to lure you in either by scaring you or offering something valuable and in return you must provide your personal account details.

There have even been reports of an American Express text scam where customers receive text messages asking them to verify specific details of their account. 

How Do the American Express Email Scammers Find Victims?

Cybercriminals obtain email addresses through various sources. In some cases, they may send out mass emails to thousands of people, hoping that some of them are American Express customers who will take the bait. Some use bots to scour the internet for email addresses; other scammers purchase targeted lists of email subscribers on the dark web

How Do I Avoid Getting Involved in This Scam?

The best way to avoid getting hooked by this scam is to know exactly what to look for in the emails and what to do if you receive one. First, check the “from” email address. They can be spoofed but check your email headers to verify that the email came from a legitimate account with American Express.

The only email addresses that American Express uses to email customers are: @americanexpress.com, @aexp.com, @welcome.aexp.com, @americanexpress.co.uk, @email.americanexpress.com, @welcome.americanexpress.com, and @aexpfeedback.com.

The tips below are things to look for when spotting a scam:

  • If you receive an email claiming to be from American Express and it does not come from one of the domains listed above, it is fake. Do not open it, do not click any links, and delete it immediately.
  • Look for grammar mistakes and oddly worded sentences. These telltale signs can indicate it is not legitimate. 
  • If the email pushes you with urgent messaging to take an action or your account may be closed, restricted, or locked, it is probably fake. 
  • Never click a link inside an email. Always open a new browser page, log into your account from there and see if anything needs your attention.
  • Do not open any attachments from anyone you do not know.
  • Hold your mouse over links to see where they go. 
  • Never send personal information via text message to anyone you do not know. 
  • Look for the https in URLs before entering any information on a website that looks like American Express owns it. If you do not see a lock symbol, it could be a spoofed website. 
  • Never give out personal details to anyone who requests it unless you initiated the exchange.

Banks and credit cards never ask customers to verify social security numbers, account numbers, dates of birth, or other personal details via email or the internet. 

I’m Already a Victim. What Should I Do?

If you received one of these emails and clicked a link, opened an attachment, or visited a website and then entered your account numbers or any other personal details, including your login, take the steps below to counteract any damage done. 

  • Contact American Express by phone (go to their website to get the phone number or look on the back of your card) and explain what has happened. They will change your account number and security details.
  • Change the password and PIN# on your login account with American Express.
  • If you provided any bank details or other personal information, contact those institutions to secure the accounts, and change your card numbers and logins. 
  • Update your antivirus software on your computer and run a full scan to make sure nothing malicious was installed on your machine.
  • Contact the credit bureaus to set up credit monitoring or put a credit freeze on your account so no new accounts can be opened in your name without your authorization. 

Forward the email to the American Express report phishing email address, which is: spoof@americanexpress.com. Do not include your account number or any personal details; just send it to them and then delete it from your email account. 

How Do I Avoid Being Targeted for the American Express Email Scam?

The best way to guard against the American Express email scam is to keep your eyes open for these types of emails. Before reacting, scrutinize them carefully. You can always contact American Express by phone if you feel like there is a legitimate problem with your account. Some other precautions to take are: 

  • Never click links or open attachments in emails.
  • Always keep your antivirus software updated and run scans frequently.
  • Change passwords for online banking and credit card accounts often and use complex combinations of letters, numbers, and symbols.
  • Check your credit report to scan for any unauthorized activity. 
  • When in doubt, contact American Express directly via the phone to inquire if the email is real or fake.
  • Never give out personal information to anyone unless you know exactly who they are and the purpose for doing so. 

Be watchful for emails that sound urgent or threatening and be conscious about what you do with them to stay safe.