A very impressive AMEX phishing email

Some of you don’t follow me on Twitter, so I’ll make a post about this. I got this email yesterday, which I thought was a very good phishing email (see below). When viewing on desktop, you can tell it’s clearly a phishing email due to the dwgwg3@hjmnsr.com email address. However, on your phone, it only shows up as “American Express” until you tap on the sender, and then it reveals the fake email address. I give the body of the email 10/10 stars for looking legit. The only other way to tell it’s fake is that they didn’t capitalize “we’ve” in the subject. That was the main giveaway that it was fake when I viewed it on mobile. Also, the entire body of the email is a picture leading you to a web site, whereas most AMEX emails are text-based. Once again, that’s hard to detect on a phone. Man, once these scammers learn capitalization and a bit more grammar, we are all doomed!
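The three tells described above (brand display name on a foreign sender domain, an image-only body wrapped in a link, a lowercase subject) can be checked mechanically at the mail gateway. The following is an added example, not part of the original post: the sample message, the brand allow-list and the text threshold are assumptions, and only the sender address comes from the post.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumed allow-list of legitimate sending domains per brand (adjust for your mail flow).
BRAND_DOMAINS = {"american express": {"americanexpress.com", "aexp.com"}}

# Constructed sample: only the sender address comes from the post.
SAMPLE = """\
From: American Express <dwgwg3@hjmnsr.com>
Subject: we've detect a problem with your account
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://phish.example/"><img src="http://phish.example/a.png"></a></body></html>
"""

class BodyStats(HTMLParser):
    def __init__(self):
        super().__init__()
        self.text_chars = self.linked_images = 0
        self._in_link = False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_link = True
        elif tag == "img" and self._in_link:
            self.linked_images += 1
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False
    def handle_data(self, data):
        self.text_chars += len(data.strip())

def phishing_indicators(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    for brand, ok in BRAND_DOMAINS.items():  # what mobile clients hide: name vs. address
        if brand in name.lower() and not any(domain == d or domain.endswith("." + d) for d in ok):
            findings.append(f"display name says '{brand}' but sender domain is {domain}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        stats = BodyStats()
        stats.feed(body.get_content())
        if stats.linked_images and stats.text_chars < 20:  # threshold is an assumption
            findings.append("body is a linked image with almost no text")
    if str(msg["Subject"] or "")[:1].islower():
        findings.append("subject starts with a lowercase letter")
    return findings
```

Calling `phishing_indicators(SAMPLE)` returns all three findings; the display-name check is the one that compensates for mobile clients hiding the address.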

 

 

7 comments on “A very impressive AMEX phishing email”

  1. we’ve -> We’ve, or better yet, “We have”
    detect -> detected
    comma after “account” should be a period and start a new sentence.

    comma after “longer”.
    Retention Policy shouldn’t be capitalized.

    bold “account” should be followed by a colon, not a period.
    “not be able access” should be “not be able to access”

    There are a few other issues that I’m ignoring, probably because the bank itself would likely make similar mistakes. My inner grammar nazi is displeased, but I had to slow down and actually read it to catch most of the errors. Skimming through, they’re pretty easy to miss, and we’ve grown rather accustomed to native English speakers not using proper grammar either.

  2. “The only other way to tell it’s fake is that they didn’t capitalize ‘we’ve’ in the subject.”

    Yeah, man. That’s the only other way to tell it’s fake that you could have “DETECT.”

  3. Good graphics, but poor grammar. The same way phishing emails hacked the Democratic Party’s emails.

  4. Also, “we’ve detect…” Should be detectED. Gotta read these things carefully anymore. You’re darn right, they are getting better at this crap! I’ve gone to never clicking in an email from any company I do biz with, just go to the website myself and see if they have tried to contact me or if I see a problem.

  5. Also the subject mentions a problem with a transaction but the actual message doesn’t reference any issue like that at all.

  6. Body of email is pretty good... but I doubt Amex would ever display a straight up URL in the email. I am surprised these guys can’t get an American to correct their grammar.
