Remove “American Express – Unrecognized Transaction” email

The “American Express – Unrecognized Transaction” email is part of a phishing campaign that falsely explains users need to verify a recent transaction made from their American Express account. The email asks that recipients use the provided button to log in to their accounts. However, because this is a phishing email, the button will lead to a fake American Express site. If users type in their credentials, they will be immediately sent to the cybercriminals operating this phishing campaign. This could allow malicious actors to access users’ accounts and potentially make unauthorized transactions.

 

 

This “American Express – Unrecognized Transaction” phishing email is disguised as a notification from American Express notifying you about a recent transaction that needs to be verified for security reasons. The email does not have much information besides a request to verify the transaction. It also has a “Verify now” button, which would lead you to a fake American Express website that asks you to log in. If you fall for this phishing attempt and type in your login credentials, they will be stolen. With the stolen credentials, malicious actors may be able to log in to the account and make unauthorized transactions.

The full “American Express – Unrecognized Transaction” email contents are below:

Subject: Confirm Your Recent Transaction

American Express

Do you recognize this purchase?

We need your attention on recent transaction

You are getting this email because you need to login your account to verify your recent transaction and ascertain they are all from you.

Verify now

View your account online
View your account online
About your online security
About your online security
Manage your alerts
Manage your alerts

Your account information is included above to help you recognize this as a customer care e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at americanexpress.com/phishing. We kindly ask you not to reply to this e-mail but instead contact us via Customer Care.

© 2025 American Express. All rights reserved.

Login credentials of all kinds, particularly for money-related accounts, are highly sought after by cybercriminals. It’s very important that users know how to recognize phishing emails in order to avoid getting their money stolen.

If you have already fallen victim to this phishing attempt, contact American Express and change your account password immediately.

What are the signs of a phishing email?

When it comes to phishing campaigns that target many users with the same email, it’s relatively easy to identify them because they tend to be generic. These generic emails often lack any kind of personalization and are typically riddled with grammar and spelling mistakes. However, it’s important to note that specific individuals would likely be targeted by significantly more sophisticated phishing emails. These emails would appear much more credible, making it that much more likely that the targets would fall for it. Fortunately, the majority of users tend to encounter the more straightforward, easily identifiable phishing emails.

If you receive an unsolicited email asking you to click a link or open an attachment, the first step is to verify the sender’s email address. A quick search online can help you determine if the email address aligns with the identity the sender claims to represent. Generic phishing emails often originate from seemingly random addresses, while more advanced attacks may use addresses that look similar to those of legitimate companies or organizations. This particular “American Express – Unrecognized Transaction” email is very obviously not sent from any American Express email account, there’s no need to even research it as a quick look is enough. So without even looking at the contents of the email, you should be able to identify it as a phishing attempt.

Another sign to watch out for in phishing emails is poor grammar and spelling. Many of these emails contain noticeable mistakes, which immediately give them away. For example, this “American Express – Unrecognized Transaction” email has very obvious mistakes, which you would certainly not see in legitimate American Express emails. Real emails from legitimate senders, especially banks, will not have mistakes in them.

Always take your time to analyze an email that urges you to take action, such as clicking a link or opening an attachment. If you see a link, hover over it to check its destination before clicking. For attachments, use an anti-virus program or services like VirusTotal to scan them before opening. If an email mentions issues with your account, don’t click any links; instead, log in to your account directly to verify the situation.

Lastly, always inspect the URL of a website before entering your login information. Phishing sites can imitate legitimate ones pretty closely, but their URLs will always give them away.