2-factor authentication scam

I received an email for a convincing-looking phishing scam in my inbox that I absolutely had to share with you. This time around, thieves are taking good security advice and twisting it to get you to give them your bank information. Here’s what the email that arrived in my inbox looked like:


These scammers claimed to be from American Express and said that the company had some new procedures for online banking that would require two-factor authentication and a security question.  This email not only looks legit, it kind of sounds legit. But it also threatens you that you won’t be able to access your bank account unless you click the confirm button.  Click it and you get this authentic CAPTCHA.


You may ask how I know this is a scam? Well, I don’t have an American Express account. And if you look closely at the return address, it doesn’t look legit at all.


To their crooked credit, you actually do have to enter the code correctly. This makes the scam more authentic. When you do, you’ll be taken to this incredibly realistic looking page that wants the username and password for your AmEx account.


While this looks like a real page, the only link on the page that functions is entering your username and password.


Of course, what you’re actually doing here is giving scammers your bank information. Another clue that this is fake is the web address.


Don’t fall for a scam like this. It won’t necessarily come from American Express. It may come with the name of your bank or a credit card you use. If you actually think there’s an issue with an account, don’t click on a link in the email. Open up a browser window and go to your account by typing in the web address. Or check your statement and call the customer service number.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.