Remove “Capital One – Do you recognize this purchase” email

The “Capital One – Do you recognize this purchase” email is part of a phishing campaign that targets users’ Capital One login credentials. The phishing email claims that there was an unrecognized purchase from the recipient’s account. It’s disguised as a security notification and asks recipients to either confirm the purchase was made by them or to cancel the transaction by clicking on the provided button in the email. If users click on the button, they will be taken to a phishing site that asks users to log in to their Capital One accounts. If users type in their login credentials, they will be transferred to the cybercriminals operating this phishing campaign.

 

 

This “Capital One – Do you recognize this purchase” phishing email is disguised as a notification from Capital One notifying you about a potentially suspicious purchase. It contains the supposed purchase’s date, merchant name, amount, and purchase status. The purchase sum is likely going to be several thousand dollars so users feel pressure to react quickly. The email asks that the recipient either confirm or cancel the purchase by clicking on one of the provided buttons. Interacting with the email will lead users to a phishing site that poses as a Capital One sign-in page. If users type in their login credentials, they will be sent to the cybercriminals operating this phishing campaign.

The full “Capital One – Do you recognize this purchase” email contents are below:

Subject: Do You Recognize This Purchase ?

Capital One

Do you recognize this purchase?

About your Capital One credit card

Please let us know if you or an authorized user recognize the purchase below. The sooner we hear from you, the sooner we can help protect your account from unauthorized purchases.

Date Merchant Name Amount Outcome

Yes, I Recognize It
No, Something’s Wrong

Some things to consider when reviewing your purchase:

If you respond yes, declined transactions will stay declined. After responding, try your card again.
To cancel a legitimate purchase, contact the merchant directly.
A pre-authorization can differ from your transaction amount because merchants (typically gas stations) estimate your amount (usually $1–$100) before the transaction is complete.

If you’ve already resolved this, you can ignore this email or sign in to your account to check out the details.

To speak to a customer representative in Spanish, please call us at the number on the back of your card. / Para hablar con un representante de servicio al cliente en español, por favor llámanos al número que aparece en el reverso de tu tarjeta.

Download the Capital One Mobile app Download the Capital One Mobile app.
About This Message

If cyber criminals successfully phish users’ login credentials, they may be able to access the accounts and steal money. Users who have fallen for this phishing campaign must contact Capital One immediately and let them know their accounts may have been compromised.

Login details, particularly for accounts that have something to do with finance, are highly sought after by cybercriminals. To avoid becoming phishing victims, users need to learn how to recognize phishing emails.

What are the signs of a phishing email?

Emails from phishing campaigns that target many users are usually easy to identify because they’re generic. The emails look very unprofessional, have many glaring grammar/spelling mistakes, and have many of the typical phishing email signs. More sophisticated emails tend to target high-profile people and organizations, so regular users will rarely get them.

Checking the sender’s email address is the first thing you need to check when you receive an unsolicited email that encourages you to click on a link or open an attachment. A quick Google search can help you determine if the email address matches the sender’s identity. Generic phishing attempts often come from random-looking addresses, whereas more advanced attacks may use addresses that closely resemble those of legitimate organizations. This particular “Capital One – Do you recognize this purchase” email is clearly a phishing email since it originates from an obviously fake email address that does not have Capital One’s domain.

Grammar and spelling mistakes are another giveaway. Mistakes are practically non-existent in legitimate emails because they look very unprofessional. The “Capital One – Do you recognize this purchase” email looks unprofessional, even if it does not have glaring mistakes. Another thing to take note of is how an email addresses the recipient. If you use the company’s services, you will always be addressed by name. Phishing emails generally either omit greetings altogether or address users with generic words like “Customer”, “Member”, “Users”, etc.

Always take the time to thoroughly inspect any email that urges you to interact with it somehow —whether that means clicking a link or opening an attachment. If you see links, hover over them to check where they lead before clicking. For attachments, it’s best to use an anti-virus program or scan them with a service like VirusTotal before opening. If an email suggests there’s an issue with your account, log in directly through the organization’s website to verify the claim instead of clicking on any links in the email. In this particular case, you could log in to your Capital One account manually and check for the mentioned transaction.

Finally, always check the URL of a website before entering any login information. Phishing websites can closely imitate legitimate ones, but their URLs always expose the scam. This phishing site has a clearly fake URL, even at a quick look.