I received an email for a convincing-looking phishing scam in my inbox that I absolutely had to share with you. This time around, thieves are taking good security advice and twisting it to get you to give them your bank information. Here’s what the email that arrived in my inbox looked like:

am-ex-email

These scammers claimed to be from American Express and said that the company had some new procedures for online banking that would require two-factor authentication and a security question.  This email not only looks legit, it kind of sounds legit. But it also threatens you that you won’t be able to access your bank account unless you click the confirm button.  Click it and you get this authentic CAPTCHA.

click-am-ex

You may ask how I know this is a scam? Well, I don’t have an American Express account. And if you look closely at the return address, it doesn’t look legit at all.

am-ex-legit

To their crooked credit, you actually do have to enter the code correctly. This makes the scam more authentic. When you do, you’ll be taken to this incredibly realistic looking page that wants the username and password for your AmEx account.

am-ex-fake-page

While this looks like a real page, the only link on the page that functions is entering your username and password.

user-id-enter

Of course, what you’re actually doing here is giving scammers your bank information. Another clue that this is fake is the web address.

address-for-amex

Don’t fall for a scam like this. It won’t necessarily come from American Express. It may come with the name of your bank or a credit card you use. If you actually think there’s an issue with an account, don’t click on a link in the email. Open up a browser window and go to your account by typing in the web address. Or check your statement and call the customer service number.