American Express E-mail Fraud Alert

Example of Fraudulent E-Mail

As an example of a phishing e-mail, please note some of our customers reported receiving the following e-mail, which was known to be a hoax.

Approximate date the e-mail hoax was sent: 10/21/2004
Address appearing in "Sender" line: Staff@AmericanExpress.com or Support@AmericanExpress.com, or Service@AmericanExpress.com
Content in "Subject" line: "Notification of AmericanExpress Account"

Keep in mind, you do not need to give a company with which you have a business relationship your personal information. The company should maintain that information in their secured records.

If you have received and/or responded to an e-mail of this nature, purportedly from American Express, please see instructions below.

About E-Mail Fraud

Overview -- What is Phishing?

Phishing (pronounced "fishing") refers to fraudulent communications designed to deceive consumers into divulging personal, financial, or account information, including account user name and password, credit card information, and social security number. E-mail is most commonly used for phishing due to its low cost, greater anonymity for the sender, the ability to reach a large target group instantly, and the potential to solicit an immediate response. However, fraudsters have also used online pop-up windows, direct mail and phone calls.

Phishing e-mails often appear to come from legitimate financial institutions, insurance companies or retailers. Techniques such as a false "from" address, the use of seemingly authentic logos from financial institutions, or Web links and graphics may be used to mislead consumers into believing that they are dealing with a legitimate request for personal information. These fraudulent e-mails often create a false sense of urgency intended to provoke the recipient to take immediate action; for example, phishing e-mails frequently instruct recipients to "validate" or "update" account information or face cancellation.

How to Contact American Express about Fraudulent E-Mails

• If you receive an e-mail that you believe could be fraudulent, immediately forward it to emailhoax@service.americanexpress.com. Please note that any submissions to this email address will result in an auto-generated reply to notify you that we have received your e-mail, but we are unable to provide individual follow-up to each message with our findings. For consumers requiring additional assistance, please contact us at Contact American Express.
• If you have already responded to an e-mail with your American Express account information and you believe it to be fraudulent, please contact American Express immediately by calling the number on the back of your card. Or, for a list of phone numbers, please click here.
• Also, make sure that you immediately change any passwords and continue to monitor your account activities.

American Express Protects Your Privacy and Personal Information

American Express takes your privacy very seriously. Should our name be used in efforts to fraudulently obtain personal information, we will work aggressively to halt those operations.

In addition, it is important to know that American Express never sends e-mails requesting customers to reply in the body of an e-mail with personal information, such as password, social security number, account numbers, mother's maiden name, etc.

How to Protect Your Personal Information

Fraudsters often create a sense of urgency to provoke you to take action immediately. There is no need to respond instantly to an e-mail request. First, consider carefully whether the business in question would have sent you the request. If you are in doubt as to whether or not an e-mail is legitimate, do not respond to it. If the questionable e-mail offers a link asking you to provide personal information on a web page, do not click on the link, even if it looks genuine. In any cases of uncertainty, a safe alternative is to contact the company in question directly through familiar communications channels, such as the phone number provided on a billing statement or credit card. In all likelihood, phishing will continue to evolve into the use of more sophisticated tactics. For this reason, it is important to always think twice before you provide any personal information.