Protect yourself from phishing

 

 

 

 

How to spot a scam and keep your Account safe

 

Phishing emails are easy to spot once you know a few of the indicators.

Our handy advice will help you stay one step ahead.

 

 

Security - phishing email icon

 

What's a phishing email?

Phishing emails are messages made to look as though

they were sent from a bank, credit card company or

another trusted organization.

The emails usually contain a malicious link or attachment.  

locked browser icon

What do they contain?

Fraudsters will typically try to trick you into clicking a link  through to a fake website. For example, you may be told that if you don't follow the link and update your password, your account will be suspended.

Once on the fake site, you could be asked to enter sensitive information such as your log-in details, password or account number. Like the phishing email, the site will look genuine but it's not.

 

How Can I Spot a Phishing email ?

 

If you think you might have recieved a phishing email from American Express,

the first thing to do is check the email address it came from,

We will normally email you from the following addresses

 

@americanexpress.com                        @aexpfeedback.com                                    @aexp.com

  @email.americanexpress.com               @welcome.aexp.com                @americanexpress.co.in

@welcome.americanexpress.com                                                                                                       

 

 

If we're emailing you about your Account, the message will usually also contain

your first name and the last few digits of your Account number.

 

Other ways to spot a phishing email

 

• The sender calls you something general like “customer” instead of your name.


• They want you to act urgently. For example, they might tell you that unless you do
   something right away, your account may be closed.

 

• They want you to open an attachment you weren’t expecting.


• The email contains spelling and grammar mistakes.


• The email is sent from a different address or a free website address.


• They ask for personal information such as your username, password or bank details.

 

• To check the authenticity of the destination, hover the cursor over the URL to verify the desired destination.

 

• Call the sender directly to verify email, do not reply to email if you believe it's suspicious. 

 

Reporting email scams

 

If you think an email looks like a phishing attempt, forward it to
Phishing@americanexpress.co.in as soon as you can.

Please do not include your Account number in the email.

If you think your American Express® Account information has
been compromised, give us a call straight away.

 

link1

How to help protect yourself against scam emails

 

• Don’t give out your Card details, log in details, PIN or password.

 

• Keep your antivirus software, firewall and security patches up-to-date.

 

• Don’t reply to emails from unknown sources, nor should you open their
  attachments or click on any links.

 

• Make sure your email system’s spam filter is switched on. Most can be

  set to allow emails from trusted sources and block those from untrusted

  sources.

 

 

Phone Scams


Fraudsters may also try to obtain your details over the phone - a process often known as vishing. This is a form of social engineering, which means obtaining sensitive information from people through deception and manipulation.


Be cautious of anyone asking for your personal information. Beware of fraudulent callers posing as American Express employees that request your Card details by offering a free upgrade on your existing American Express Card or to refresh your Know Your Customer (KYC) details in your e-wallet. Do not click on suspicious links sent by him/her. They may mirror your device or mobile sim to steal confidential information such as One Time Passwords (OTPs).

 

Please do not share any PIN, Password, OTP, Login ID, credit card details etc. American Express will never ask you for your account detials by email or phone, so any unsolicited call/SMS should be treated as suspicious. We only ask for security questions just to confirm your identity but would normally only ask for partial answers, so your personal information isn't revealed.  

 

Fraudsters using Toll Free Numbers 

 

Fraudsters are continuously devising new ways to deceive consumers. One of their newest scams is contacting customers and pretending to be service providers like electricity & telecom. They try to mislead you about their identity and attempt to obtain your personal information to commit fraudulent activities.

 

Scammers also use phone numbers and toll-free numbers similar to those of an actual service provider. These numbers appear to be as the official service provider numbers on applications providing caller id service.

 

They pretend to be from a service provider, and ask for one-time passwords, or request that you download a specific application – which unknowingly allows them access to your devices.

 

While on a call with the customer, scammers will use various methods to defraud, including sending out malicious links in emails and texts. The emails and texts appear to be from a legitimate source, and clickable links are added to these emails or texts to phish for personal information.

 

Here is a common scenario a scammer may use when contacting you:

 

Fraudster: Good morning. I am calling from *Your Service Provider*. Our records show that you have not paid your bill for the month. Please pay it immediately to  avoid any additional fees or disruption of services.

 

Cardmember: I have paid my bill. This must be a mistake.

 

Fraudster: I’m sorry. Your payment does not show in our records. Give us a moment to re-check.

*The Fraudster then keeps you on hold for 2 minutes to show legitimacy. *

 

Fraudster: Sorry, we have checked once again, and there is no record of that payment in our systems. To resolve this, you can download the ‘ABC’ app and try making the payment again. I would be happy to stay on the line and talk you through the process.

 

Cardmember agrees and downloads the ‘ABC’ app.

 

Fraudster: Now that you’ve downloaded the app, simply follow the instructions on the screen to enter your details, then proceed with your payment. I’ll hold in case you have a problem.

 

Cardmember: Okay, I’ve entered my details and the payment has been made.

 

Fraudster: I’m sorry, your payment is still not reflected in our records. Could you please provide the one-time password you just received on your phone for cross-verification purposes?.

 

Cardmember: Yes, here are the details you requested.

 

*Cardmember provides their OTP or Card details.*

 

Fraudster: Okay, thank you. The payment has gone through and will reflect in your account shortly. Thank you for your patience. Have a nice day.

Without their knowledge, the scammer now has the Cardmember’s details and can steal money from their account.

 

Dos and Don’ts

Here are a few simple Dos and Don'ts that you can follow to ensure you don’t become a victim of this type of scam:

 

Dos

- When contacting us, always use the toll-free or helpline numbers located on the official American Express website.

- Use caution when answering calls from unknown phone numbers.

- Make sure your passwords are strong and that you keep them secure.

- Always use trusted websites with a padlock symbol before  the URL, which should begin with 'https://'.        

 

Don'ts

- Never share your private information such as passwords Card details or one-time passwords with anyone over a call or via email.

- Do not download or install applications from untrusted sources.

- Do not click on unsolicited links.

SMS Phishing


Fraudsters may send you a text message that asks you to confirm your Account details. You can spot them in the same ways you can spot a phishing email. Contact us straight away if something seems suspicious.

 

 

Bin-raiding


The oldest trick in the book – digging through your trash bin to find personal details and account information. Fraudsters still do this, even in the digital age, so stay on the safe side by thoroughly shredding bank statements and any other documents that contain sensitive information. 

 

Find out how we protect you

 

Protect your identity online