Beware of “American Express Account Has Been Locked” Scam

Over the past few months, a dangerous phishing scam has emerged targeting American Express cardholders. This phishing email falsely claims that the recipient’s American Express account has been locked due to a failed cardless payment.

The scam aims to trick recipients into handing over their account login credentials, exposing sensitive financial information to cybercriminals. This article will provide an in-depth overview of how the “American Express Account Has Been Locked” phishing scam operates, as well as tips for spotting and avoiding it.

Overview of the Scam

The phishing email pretends to be an urgent notice from American Express stating that the recipient’s account has been locked as a security measure after a recent cardless payment was declined.

It claims that the account has been blocked and that the recipient must verify their account ownership to unlock it. The email includes an attached HTML file disguised as a sign-in page for American Express accounts.

If the recipient attempts to sign in through this phishing page, their login credentials will be captured by scammers who can then access the victim’s account to make fraudulent transactions.

How the Scam Works

The phishing email arrives with the subject line “Action Required: Your account has been locked” to instill a sense of urgency in the recipient. The sender name is spoofed to appear as if the email comes from American Express.

The email body states that a recent cardless purchase by the recipient was declined and subsequently their American Express account has been temporarily locked as a security precaution.

It goes on to provide instructions for unlocking the account – asking the recipient to download a secure attachment and verify account ownership.

However, the attachment “Account_SecurePayment_Message.html” is not actually a secure sign-in page but rather a phishing page designed to steal account credentials.

Any information entered into this phishing page gets recorded and sent directly to scammers. The phishing site is carefully designed to replicate the look and feel of the real American Express login page to fool recipients.

After capturing the victim’s username and password through the phishing page, scammers can access the account to make unauthorized transactions, steal rewards points, view personal information, and more.

How to Spot This Scam

While this phishing scam is sophisticated, there are a few indicators that can help identify and avoid falling victim to it:

  • Generic greeting – Real emails from American Express greet recipients by name, not with a generic greeting like “Dear Card Member”.
  • Spoofed sender address – The sender email address is spoofed to appear like an official American Express address, but may have inconsistencies upon closer inspection.
  • Sense of urgency – Creating a false sense of urgency to panic recipients into clicking on links/attachments without scrutiny is a common phishing tactic.
  • Request for sensitive information – American Express will never ask for account passwords, PINs, or other sensitive information over email. Any email making such requests is a red flag.
  • Threat of account suspension – While American Express may send account notices, they will not threaten immediate account suspension without allowing you to directly contact them.
  • Spelling/grammar errors – The email body may contain spelling, grammar or formatting inconsistencies uncharacteristic of a large corporation.
  • Attachment – American Express will never send account updates as an attachment. Anything requiring download should be treated with suspicion.
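The indicators above (and the description under "How the Scam Works") can be turned into a simple triage check. The following Python script is an added example, not code from the original article or from American Express: it parses a raw email message with the standard library and reports which of the listed tells fire. The two sample messages are constructed for this example and modelled on the article's description, and the LEGIT_DOMAINS allowlist and the phrase lists are assumptions of this example, not data published by American Express.

```python
"""Heuristic phishing indicator check (added example, not the article's code).

Scores a raw RFC 5322 message against the tells listed in the article:
a From: display name that claims the brand while the address domain does
not match, an urgency subject line, a generic greeting, an HTML attachment,
and an instruction to "verify" via that attachment.
"""
import email
from email import policy
from email.utils import parseaddr

# Assumption for this example: domains treated as genuinely belonging to the brand.
LEGIT_DOMAINS = {"americanexpress.com", "aexp.com"}

# Phrase lists drawn from the article's description of the email (assumed, not exhaustive).
GENERIC_GREETINGS = ("dear card member", "dear customer", "dear valued customer")
URGENCY_PHRASES = ("action required", "account has been locked", "temporarily locked")
ATTACHMENT_EXTENSIONS = (".html", ".htm")


def score_message(raw: str) -> dict:
    """Parse a raw message and report which indicators fired, with a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)

    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    subject = str(msg.get("Subject", "")).lower()

    # Body text: prefer text/plain, fall back to text/html; attachment parts are skipped.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""

    attachment_names = [
        (part.get_filename() or "").lower() for part in msg.iter_attachments()
    ]

    findings = {
        # Brand named in the display name, but the sending domain is not on the allowlist.
        "spoofed_sender": "american express" in display_name.lower()
        and domain not in LEGIT_DOMAINS,
        "urgent_subject": any(p in subject for p in URGENCY_PHRASES),
        "generic_greeting": any(g in body for g in GENERIC_GREETINGS),
        "html_attachment": any(
            name.endswith(ATTACHMENT_EXTENSIONS) for name in attachment_names
        ),
        # The article's key tell: the message asks you to open an attachment to "verify".
        "verify_via_attachment": "attachment" in body and "verify" in body,
    }
    score = sum(findings.values())
    if score >= 3:
        verdict = "likely phishing"
    elif score >= 1:
        verdict = "suspicious"
    else:
        verdict = "no indicators"
    return {"findings": findings, "score": score, "verdict": verdict}


# Constructed sample modelled on the article's description; not a real email.
PHISHING_SAMPLE = """\
From: "American Express" <alerts@amex-secure.example>
To: cardmember@example.com
Subject: Action Required: Your account has been locked
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain; charset="utf-8"

Dear Card Member,

A recent cardless payment was declined and your account has been temporarily
locked as a security precaution. Please download the secure attachment and
verify your account ownership to unlock it.

--sep
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Account_SecurePayment_Message.html"

<html><body><form>Sign in</form></body></html>
--sep--
"""

# Constructed benign control message.
BENIGN_SAMPLE = """\
From: "Alex Example" <alex@example.com>
To: sam@example.com
Subject: Notes from today's meeting
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Hi Sam,

Here are my notes from today. Let me know if I missed anything.
"""

if __name__ == "__main__":
    for label, raw in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = score_message(raw)
        print(f"{label}: {result['verdict']} (score {result['score']})")
        for name, fired in result["findings"].items():
            print(f"  {name}: {'YES' if fired else 'no'}")
```

Running the script scores the constructed phishing sample 5 of 5 ("likely phishing") and the benign control 0 ("no indicators"). Keyword heuristics like these are a triage aid rather than a verdict: a mail gateway would additionally consult the SPF, DKIM and DMARC authentication results for the sending domain, which is the reliable way to detect the spoofed sender the article describes.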

What to Do if You Receive This Email

If this suspicious email lands in your inbox, take the following steps:

  • Do not click any links or download attachments within the email. The attachment is malware disguised as a login page.
  • Forward the scam email to American Express's phishing reporting address, phishing@aexp.com. Alerting companies about new phishing scams helps them warn other customers.
  • Report the email as spam/phishing to your email service provider. This helps improve spam filters.
  • Do not reply to the email or contact any numbers/addresses within the scam content.
  • Log in safely to your American Express account through the real website to review any notifications or irregularities.
  • Change your account passwords as a precaution if you engaged with the phishing email in any way.
  • Monitor your account activity closely over the next few weeks for any signs of unauthorized transactions.

What to Do if You Suspect Your Account is Compromised

If you mistakenly clicked, downloaded or entered information into the phishing page, your American Express account may be compromised. Take these steps immediately:

  • Contact American Express – Call the 24/7 customer service line and report unauthorized access to your account. They can lock the account, issue new cards/numbers and reverse fraudulent charges.
  • Reset online account password – Log in via the real American Express site and change your password/security questions to prevent further access.
  • Review transactions – Closely monitor your account activity for fraudulent charges and report unauthorized transactions right away.
  • Cancel/replace cards – Ask American Express to cancel existing cards and issue replacements to safeguard your account from misuse.
  • Alert credit bureaus – Contact Equifax, Experian and TransUnion to place fraud alerts on your name and SSN if data is compromised.
  • Update information – If personal/contact information has been stolen, update details with American Express and other financial institutions.
  • Run an antivirus scan – If you suspect your device is infected with malware, you should run a scan with Malwarebytes Anti-Malware.

By taking swift action, you can contain the damage from phishing scams. But prevention is most effective, so be vigilant about spotting and avoiding such scams.

Frequently Asked Questions

Is this phishing email really from American Express?

No, this scam email only pretends to be from American Express by spoofing the sender address. The content is fabricated with the intent of stealing personal and financial information. American Express warns customers that they never send such phishing emails.

Are phishing scams like this common?

Unfortunately, phishing scams impersonating major financial companies have become very common. Scammers exploit brand names like American Express to target unsuspecting customers. It is important to be able to identify telltale signs of phishing attempts.

Can I tell if an email is phishing just by looking?

While scammers are sophisticated, phishing emails often have signs like grammatical errors, an urgent or threatening tone, spoofed addresses and questionable attachments. Verifying the sender address and avoiding clicking links or downloads can help you avoid becoming a victim.

What happens if I entered my American Express details into the phishing page?

If you downloaded the attached HTML file and entered your account username/password into it, that sensitive information is captured by scammers. Contact American Express immediately to report the account breach. Reset your login credentials to restrict access. Closely monitor your account and transactions until the issue is resolved.

Could the scammers make unauthorized transactions from my account?

Yes, phishing aims to steal login credentials to either sell them online or drain money directly from compromised accounts. If scammers gain access to your American Express account, they could improperly use it for their own transactions, purchases or transfers. Report and reverse any unauthorized activity.

The Bottom Line

Phishing emails like the “American Express Account Has Been Locked” scam can appear quite convincing through sophisticated spoofing and social engineering tactics. But with vigilance, these scams can be identified and thwarted before any damage is done.

Being aware of the common signs – urgent threats, spoofed addresses, suspicious attachments and requests for sensitive data – makes one far less likely to become a phishing victim. If you receive such a dubious email, avoid engaging and report it to the relevant companies immediately.

Staying informed about the latest phishing techniques and treating emails carefully will help keep your finances and identity secure. Handing over personal information to scammers gives them the power to exploit hard-working consumers. But a little caution goes a long way in protecting against that.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
