Confirm Your Account (American Express scam email)

Here is an example of a letter from a scammer who wants my American Express login and password details. (That's assuming I have an American Express card, obviously...)

This is interesting because email communication with many credit card institutions and banks now include a few digits from your account. The number of digits varies depending on the institution. The email will also include your name, a message such as "This email is for Alexis Wilke", proving (yeah! right!) that the sender is the dude that has your information.

Here the scammer clearly doesn't have that information and he changed the number with XXXX's. I find that interesting because if he had used just 3 digits, he would have had 1 in 1,000 chances of hitting the correct number. In other words, if he sends that email to 100 million people, 100,000 of them would receive an email with the correct digits... In all likelihood, though, the destination website would be knocked down before much damage happens.

On the other hand, most scammers would have difficulties to send million if not billion of emails with the correct recipient name or other details. (i.e. a company could include the last 4 digits of your phone number, for example—if those do not match any one of your phones, then you know that's not the company contacting you and you should not follow any of the links). So checking all of those parameters each time is not a bad idea.

The Verify Account button had the following link:

Nothice that this is an Amazon AWS computer and nowhere do you have American Express domain name in that URL. Finally, it was not secure (not HTTPS). This is probably going to do a 301. Often hackers do that to avoid having the final destination knocked out too quickly. (well, I'm assuming that's in part the thinking behind having 301s).

Return-Path: <>
X-Greylist: delayed 60 seconds by postgrey-1.35 at do; Thu, 09 Apr 2020 06:58:15 UTC
DMARC-Filter: OpenDMARC Filter v1.3.1 C0A22415A6
Authentication-Results:; dmarc=none
    dkim=pass (1024-bit key; unprotected) header.b=R1+0Yl8j;
Received: from ( [])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by (Postfix) with ESMTPS id C0A22415A6
    for <>; Thu,  9 Apr 2020 06:58:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;;
    h=mime-version:from:to:subject:content-type; s=s1;
    bh=siywZ9j3InpqKG/4CVQlpoLK9MRwJR/NvNHXs+6Ioms=; b=R1+0Yl8jP3KPX
Received: by with SMTP id filter0344p1iad2-19634-5E8EC74A-B
        2020-04-09 06:57:14.571556529 +0000 UTC m=+632481.507808555
Received: from WIN-43E79HIHPBB (unknown)
    by (SG) with ESMTP id qOcRnMxCR76prUDoyki7OA
    for <>; Thu, 09 Apr 2020 06:57:14.424 +0000 (UTC)
MIME-Version: 1.0
From: "American Express Online " <>
X-Priority: 1
Priority: urgent
Importance: high
Date: Thu, 09 Apr 2020 06:57:14 +0000 (UTC)
Subject: Confirm Your Account
Content-Type: multipart/alternative;
Message-ID: <>
X-SG-EID: 8bkIEHxtkl+nSCuwmXWpcV7XHqRCbZ+hluoXpk7g7/5YE6XrI1c+HmfgwctTz6pzRimfigAjVwtOm/






American Express (name)












We are having issues verifying your account with us.

You need to verify your account immediately .


We require your assistance to better help us confirm your card account with us.


For your convenience, you can log in to your online account now to get verified and continue using your account with us.



Verify Account










Thank you for your Card Membership,


American Express Customer Care











2019 American Express. All rights reserved.






American Express Logo