---
title: "American Express Phishing Scam, Don’t Leave Home With it | DuoCircle"
description: "If you fall for the latest phishing attack aimed at American Express cardholders, you may not have a home left to leave."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/"
---

Quick Answer

An American Express phishing scam circulating around Christmas 2019 used domain spoofing, a Bitly-shortened link, and four progressively deeper fake AMEX pages to harvest card number, expiration, CVC, last four of the SSN, email, and password before redirecting to the real AMEX login. Not technically sophisticated, but effective.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Famerican-express-phishing-scam-dont-leave-home-with-it%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=American%20Express%20Phishing%20Scam%2C%20Don%E2%80%99t%20Leave%20Home%20With%20it&url=undefined%2Fblog%2Fphishing-protection%2Famerican-express-phishing-scam-dont-leave-home-with-it%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Famerican-express-phishing-scam-dont-leave-home-with-it%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Famerican-express-phishing-scam-dont-leave-home-with-it%2F&title=American%20Express%20Phishing%20Scam%2C%20Don%E2%80%99t%20Leave%20Home%20With%20it "Share on Reddit") [ ](mailto:?subject=American%20Express%20Phishing%20Scam%2C%20Don%E2%80%99t%20Leave%20Home%20With%20it&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Famerican-express-phishing-scam-dont-leave-home-with-it%2F "Share via Email") 

![Phishing Scam](https://media.mailhop.org/duocircle/images/2019/12/spf-record-generator-5544.jpg) 

If you fall for the latest **phishing attack** aimed at American Express cardholders, you may not have a home left to leave. According to [Strategic Revenue](https://www.strategicrevenue.com/this-amex-phishing-scam-wants-you-homeless-poor-with-zero-fico-score/), “_This AMEX Email Phishing Scam Wants You Homeless & Poor, With A Zero FICO Score_.” Yikes.

_This latest phishing scam is hitting hundreds of thousands of inboxes just in time for Christmas_. According to the article, “You receive an email which appears to be from American Express, but it isn’t, it’s from some unscrupulous hacker hiding somewhere behind a computer who is looking to steal your identity.”

From a phishing standpoint, this particular attack is not overly sophisticated. It uses the standard [domain name spoofing](https://www.barracuda.com/glossary/domain-spoofing) tactic and a clickable button. “After clicking on the button in the fake email, users are sent to a **fake website** which is designed to look identical to an authentic American Express website. _A link shortening service called “Bitly” is being used to hide the long fraudulent looking site address which will be visited._”

What makes this attack unique is that the fakery actually goes **four webpages deep**. In an effort to gain the victim’s confidence, the hackers actually created four fake webpage to steal as much information as possible, including credit card number, expiration date, 3-digit credit card security code, last four of the Social Security number, email address and password. With all that information, you probably will end up homeless, poor and with a FICO score of zero.

[![steal as much information](https://media.mailhop.org/duocircle/images/2019/12/spf-permerror-5544.jpg)](/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/attachment/spf-permerror-5544)

Just to make sure the phish is perfect, after the hackers get all your information, they redirect you to the actual American Express website where you have the pleasure of logging in again (that’s a clue that something’s wrong). _If you end up there, you are truly unlucky_. “You have only left to now login and see all of your ordinary information while some criminal is off to the **dark-net web** to distribute and sell your most secure personal information.”

It may not be a sophisticated attack, but some people will fall for it and their lives will be ruined. _With the technology available today, there’s no need for anybody to be a victim of this kind of identity theft_.

For pennies a day per user, [Phishing Protection](/email/phishing-protection) from DuoCircle can keep you and all your employees safe from phishing attacks. _It sets up in minutes, doesn’t require and hardware or software, and with **real-time click protection**_, you can be assured that no matter how sophisticated the phishing attack, you’ll be protected.

_Try **Phishing Protection** today risk free for 30 days_. It’s trusted by thousands of companies and comes with the best 24/7 live technical support in the industry.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Phishing 11m  AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough  Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[  Phishing 5m  10 Applications of ChatGPT that Hackers Are Already Exploiting  May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[  Phishing 4m  65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks  Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[  Phishing 9m  7 Ways to Protect Your Organization from Email-based Ransomware Attacks  Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"American Express Phishing Scam, Don’t Leave Home With it","description":"If you fall for the latest phishing attack aimed at American Express cardholders, you may not have a home left to leave.","url":"https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/","datePublished":"2019-12-27T02:39:19.000Z","dateModified":"2025-05-13T14:39:03.000Z","dateCreated":"2019-12-27T02:39:19.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/"},"articleSection":"phishing-protection","keywords":"","wordCount":440,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/12/spf-record-generator-5544.jpg","caption":"Phishing Scam","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"American Express Phishing Scam, Don’t Leave Home With it","item":"https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"American Express Phishing Scam, Don’t Leave Home With it","item":"https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"American Express Phishing Scam, Don’t Leave Home With it","description":"If you fall for the latest phishing attack aimed at American Express cardholders, you may not have a home left to leave.","url":"https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/","datePublished":"2019-12-27T02:39:19.000Z","dateModified":"2025-05-13T14:39:03.000Z","dateCreated":"2019-12-27T02:39:19.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/american-express-phishing-scam-dont-leave-home-with-it/"},"articleSection":"phishing-protection","keywords":"","wordCount":440,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/12/spf-record-generator-5544.jpg","caption":"Phishing Scam","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```