pretty good scam email-- I think



Kev Williams
07-11-2022, 4:48 PM
Got this in my email yesterday, supposedly from Amex, telling me they've cancelled my merchant account...
I DO have an Amex merchant account, and this email looks fairly legit. Only obvious problems with it, is my account doesn't end in 7774, and I'm not named in the main email. Check the bottom of the pic, it's the web address that comes when hovering over the "LOG IN" button, and it's an AMEX address. Every link on the page appears to be a genuine AMEX address. Whether the links actually GO to those addresses I have no idea because I haven't tried. I'm thinking of pulling the ethernet cable from the computer and seeing if the links actually try to open AMEX web pages, but thought I'd post up first, see if anyone else has gotten one of these. This is the first email I've considered bogus that has 'good' web link addresses...

Just logged into my AMEX merchant account (first time in a long time), and all is well.

I don't hate much of anything, but I got no love for hackers...

Ron Citerone
07-11-2022, 4:58 PM
What always puzzles me is if people are smart enough to run a scam, they surely are smart enough to hold down a decent job.

Doug Garson
07-11-2022, 5:21 PM
You must be special :) , most scams I get are so obvious I don't need to look hard to decide if they are scams.

Scott Clausen
07-11-2022, 5:41 PM
Usually there is some sort of broken English and a very vague greeting. If you don't know my name or have any relevant knowledge of me it gets deleted.

Jeff Roltgen
07-11-2022, 6:41 PM
And don't forget: If you opened it, they'll know, and send more at an exponential rate. Fun times.


...smart enough to run a scam, they surely are smart enough to hold down a decent job

Exactly.

Michael Schuch
07-11-2022, 7:08 PM
And don't forget: If you opened it, they'll know, and send more at an exponential rate. Fun times.



Exactly.

Typically the links to the graphics in the e-mail are coded so they know what graphic was downloaded from their server and hence which specific email address opened them. I turn auto-downloading of email graphics off on all of my email accounts to avoid this tracking.

Dave Zellers
07-11-2022, 11:21 PM
Typically the links to the graphics in the e-mail are coded so they know what graphic was downloaded from their server and hence which specific email address opened them. I turn auto-downloading of email graphics off on all of my email accounts to avoid this tracking.

THIS IS A MUST for everyone! Never allow graphics to automatically load in your email. YOU can choose if you want them to load after you receive an email.

Jim Koepke
07-12-2022, 12:13 AM
Most legitimate financial sites have a fraud dept and are happy when you forward these kinds of emails to them.

jtk

Curt Harms
07-12-2022, 8:21 AM
THIS IS A MUST for everyone! Never allow graphics to automatically load in your email. YOU can choose if you want them to load after you receive an email.

I've only ever used Thunderbird for an email client. You have to click to open any graphics in the email. You can choose to open graphics automatically in the future from that address. Outlook some years ago had some sort of preview mode which was enough to download the nasties. That was disabled by default but not soon enough for some.

Gary Ragatz
07-12-2022, 12:57 PM
If you want to take the time, AmEx asks that customers forward phishing emails to them at spoof@americanexpress.com, and they'll try to stop the spoofer.

Keegan Shields
07-12-2022, 1:05 PM
Many internet scams are obvious for a reason (cue an email from my long lost Nigerian uncle). The scammers only want the most gullible to respond. Their limit is time and any person who figures out the scam halfway through results in lost income.

I always thought that point was interesting when I read it.

This seems to have a more sophisticated target. Amex has the highest rate of fraud last time I checked.

Kev Williams
07-12-2022, 1:29 PM
I'm pretty careful, or at least I think so ;) --

As to 'don't open graphics', agreed. However, I don't, and never will, use IMAP email. I download all email to my computer via POP. I DO check my email from my server, but mostly to throw out the trash before downloading it. And I'll read email from my server from my customers or other known senders. Anything suspicious at all, like the above, gets downloaded to my computer. Before I check anything suspicious I'll disable the internet from the computer. If I'm real suspicious I'll pull the ethernet cable from the computer to divorce it from the whole network. Then I'll virus-scan the email--even though I've never had an AV fail to immediately find a virus within an email the instant my computer receives it. The last virus infection I ever had was the Happy99 virus 23 years ago. I got ransomware emailed to me a few years ago, plain old Defender caught it immediately...

And Thanks Gary, for the link, I will be sending that email to them...

Alan Rutherford
07-12-2022, 1:38 PM
... Whether the links actually GO to those addresses I have no idea because I haven't tried. I'm thinking of pulling the ethernet cable from the computer and seeing if the links actually try to open AMEX web pages, but thought I'd post up first, see if anyone else has gotten one of these. This is the first email I've considered bogus that has 'good' web link addresses...

There's probably a way you can safely look at the "source" text that comprises the message, depending on your email program. I use Thunderbird. With the message selected in the list of messages, I go to the "View" menu and click "Message Source". That opens a window with a bunch of code. All the links will begin with "http". Use the search function to find the links. You can probably hit the F3 key to repeat after finding the first one. There can be many. In a good scam, the links for images and much of the filler go to the legitimate site, but the ones they want you to click on will not.
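
Added example, not part of any post in this thread: the same message-source check done offline in Python, reading a saved message without rendering it or fetching anything. It lists every link whose real target host is outside the domain you expect, next to the text the email displays for it, and every remote image that would be fetched on open. The sample message, the `bank.example` and `.invalid` domains, and the `audit` and `off_domain` names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for <a> tags and src for <img> tags."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def off_domain(url, trusted):
    # Trusted means the host IS the domain or a subdomain of it; a host that
    # merely starts with or contains the trusted name is still flagged.
    host = (urlsplit(url).hostname or "").lower()
    return not (host == trusted or host.endswith("." + trusted))

def audit(raw, trusted):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkAudit()
    parser.feed(body.get_content() if body else "")
    bad_links = [(h, t) for h, t in parser.links if off_domain(h, trusted)]
    remote_imgs = [s for s in parser.images if s.lower().startswith(("http://", "https://"))]
    return bad_links, remote_imgs

# Constructed sample message (not the email discussed in the thread).
SAMPLE = """\
From: "Card Services" <notice@bank.example>
Content-Type: text/html; charset="utf-8"

<img src="https://www.bank.example/logo.png">
<img src="https://img.tracker.invalid/o.gif?id=abc123">
<a href="https://www.bank.example/privacy">Privacy</a>
<a href="https://www.bank.example.login-check.invalid/signin">https://www.bank.example/login</a>
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "bank.example"))
```

Links with no host at all (for example `mailto:`) are also reported, since they do not point at the expected domain.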