How to recognise and avoid phishing scams

Learn how to identify, avoid, and report phishing attempts to help keep your personal information and finances secure.

What is a phishing scam?

Phishing is a very common type of cybercrime that aims to trick people into revealing personal information, which is often then used for financial gain.

Examples of phishing scams

Phishing often occurs via email, phone, SMS or voicemail.

• An email that appears to be from your bank or credit card company, asking you log in or verify your account
details via link.

• A text message claiming to be from a reputable company, urging you to click a link to resolve an issue
with your account.

• A phone call or a voice message from someone pretending to be from your bank or a government agency, demanding immediate action to secure your account or avoid legal trouble.

Common phishing scam tactics

Here’s some common phishing themes:

• Appealing offers: If it seems too good to be true, it probably is. Be extra cautious
and check for legitimacy.

• Urgent action: Attackers often inject a sense of urgency to make you feel you need to act
straightaway. They may tell you your account has been suspended or that they’ve detected suspicious activity – and you must log in immediately to fix the problem.

• Incorrect recipients: Phishing emails may not address you by name – “Dear Customer”
– or may even use an incorrect name.

• Attachments or links: Emails containing attachments or links should be treated with
suspicion. Scammers may disguise malicious links, for example, use a “1” in place of an “l” – which is almost undetectable.

How to prevent phishing scams

Here are some ways to help avoid falling for a phishing scam:

• Don’t respond to a request for information if you recognise any of the warning signs listed above. Remember, it’s easy for scammers to appear to come from legitimate institutions.

• Don’t click on an attachment or link unless you’re sure it’s legitimate. If you’re using a computer, hover your cursor over the link to reveal the real URL.

• If a request seems odd, unusual, or suspicious, it probably is. If it appears to be from a company or someone you know, contact them by phone or another method to make sure they really sent the request.

• When in doubt, visit a website directly by typing the address into your browser instead of clicking on a link.

• Use multifactor authentication. This adds a layer of safety by requiring an additional identification method to log in to your account.

What is a phishing scam?

Phishing is a very common type of cybercrime
that aims to trick people into revealing personal
information, which is often then used for
financial gain.

How can you be sure that it’s
American Express contacting you?

We will never call you and ask for the following:

Full ID
details

One-time
verification codes

Logins
and passwords

Your Card
details or PIN

Examples of phishing scams

Phishing often occurs via email, phone, SMS or voicemail.

• An email that appears to be from your bank or credit card company, asking you log in or verify your account details via link.

• A text message claiming to be from a reputable company, urging you to click a link to resolve an issue with your account.

• A phone call or a voice message from someone pretending to be from your bank or a government agency, demanding immediate action to secure your account or avoid legal trouble.

Common phishing scam tactics

Here’s some common phishing themes:

• Appealing offers: If it seems too good to be true, it probably is. Be extra cautious
and check for legitimacy.

• Urgent action: Attackers often inject a sense of urgency to make you feel you need to act straightaway. They may tell you your account has been suspended or that they’ve detected suspicious activity – and you must log in immediately to fix the problem.

• Incorrect recipients: Phishing emails may not address you by name – “Dear Customer”– or may even use an incorrect name.

• Attachments or links: Emails containing attachments or links should be treated with suspicion. Scammers may disguise malicious links, for example, use a “1” in place of an “l” – which is almost undetectable.

How to prevent phishing scams

What to do if you receive a phishing scam

If you receive an email relating to American Express that you believe could be fraudulent, immediately forward it
to AUemailfraud@americanexpress.com. Do not include your Account Number in the email.

If you feel your American Express Account information has been compromised, please contact American Express immediately by calling
the number on the back of your Card.

Phishing protection – how to protect yourself from phishing scams

Don’t take the bait. Learn how to spot a phishing email scam and what to do if you think you've received one.

What is Phishing?

Phishing is a common online scam where fraudsters send emails pretending to be from a bank, Credit Card company or other trusted organisation. They usually try to trick you into clicking on a link, often to update your password to avoid your Account being suspended.

If you click the link in the email, you’ll actually be taken to a website that looks genuine - but is actually a fake site designed to trick you into entering personal information such as log-in details and Card Account details.

Received a suspicious email?

If you receive an email relating to American Express that you believe could be fraudulent, immediately forward it to AUemailfraud@americanexpress.com. Please do not include your Account number in the email.

If you feel your American Express Account information has been compromised, please contact American Express immediately by calling the number on the back of your Card.

10 ways to help protect yourself from phishing scams

Never release your Card number, Card security number, PIN or password to an unknown person or organisation.
Beware of anyone calling or emailing you and requesting security information. If you are unsure about the identity of a caller, phone American Express using the number on the back of your Card or statement.
Fake emails can often (but not always) be spotted in the following ways:
- The sender’s email address is different from the real organisation’s website address
- The email is sent from a completely different address or a free webmail address
- The email does not use your proper name, but uses a non-specific greeting such as “Dear customer”
- The sender ask you to act urgently – i.e. that unless you do something right away, your Account may be closed or suspended
- The email contains a request for personal information such as username, password or bank details.
- The email contains grammar and spelling errors
Keep your anti-virus software, firewall and security patches up-to-date to prevent fraudsters accessing your details via your computer.
Do not open emails which you suspect as being spam.
Do not respond to emails from unknown sources or open their attachments.
If you are suspicious of an email, you can check if it is on a list of known spam and scam emails that some internet security vendors feature on their websites.
Most email clients come with spam filtering as standard. Ensure yours is switched on. Most spam and junk filters can be set to allow email to be received from trusted sources, and blocked from untrusted sources.
Think before you click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination. Beware if this is different from what is displayed in the text of the link from the email.
When choosing a webmail account such as Gmail, Hotmail and Yahoo! Mail, make sure you select one that includes spam filtering and that it remains switched on.

Other service and security benefits

Chip and PIN

How to use Chip & PIN and
Contactless Payments

Learn more

Card fraud alerts

Set up security alerts to protect
against fraud

Learn more

Online privacy

View American Express privacy
principles and policies

Learn more

Not an American Express Card Member yet?

Explore our Cards