Remove “Capital One – Purchase Was Charged To Your Account” email

The “Capital One – Purchase Was Charged To Your Account” email is part of a malicious campaign that intends to phish users’ Capital One login credentials. The email is disguised as a purchase notification from Capital One and informs recipients that there is a pending purchase of $2,169.90 from United Airlines. The email provides a link for recipients to review the purchase. However, if users were to click on the link, they would be taken to a phishing site. If users type in their login credentials on that site, they will be transferred to the cybercriminals operating this phishing campaign. This could allow them access to users’ Capital One accounts.

 

 

There has been a recent increase in phishing attacks specifically targeting Capital One customers. We’ve written about several campaigns, including the “Capital One – Secured Message” email, “Capital One – Card Purchase Is Under Review” email, and the “Capital One – Unusual Spending Activities Detected” email. This particular Capital One phishing email claims that there’s a pending purchase, which users can view by clicking the link. Specifically, this supposed purchase is $2,169.00 and was made at United Airlines. If users interact with the email and click the provided link, they will be taken to a fake Capital One website that very closely imitates the real one. If users try to log in and put in their login credentials, they will be sent to the cybercriminals operating this phishing campaign.

The full contents of the “Capital One – Purchase Was Charged To Your Account” email are below:

Subject: A purchase was charged to your Capital One account.

Sign In

A purchase was charged to your account.

About your Capital One account.

As requested, we’re notifying you that on Date 6/3/2025 14:13:28 at United Airlines, a pending authorization or purchase in the amount of $2,169.00 was placed or charged on your Capital One account.

Note: You’ll receive this notification for both purchases and pending authorizations, such as car rentals, hotel reservations and gas purchases, even if an actual transaction hasn’t taken place.

Please visit your account to view your pending and posted transactions.

If the malicious actors behind this phishing campaign succeed in tricking users into revealing their login information, they can gain access to those accounts and potentially steal funds. It’s crucial for anyone who has fallen victim to this phishing campaign to reach out to Capital One right away to report that their accounts might have been compromised.

Login credentials, especially for financial accounts, are prime targets for cybercriminals. To prevent falling prey to phishing schemes, users have to familiarize themselves with how to identify phishing emails.

What are the signs of a phishing email?

Phishing emails that target many users tend to be quite generic and not difficult to identify. Such emails often appear unprofessional, contain noticeable grammar and spelling mistakes, and have all the common signs of phishing attempts. More sophisticated phishing campaigns usually target high-profile individuals or organizations, so average users are less likely to encounter them.

When users receive an unsolicited email urging them to click on a link or open an attachment, they first need to verify the sender’s email address. A quick online search can reveal if the email address belongs to the person/organization the sender claims to be from. Less sophisticated phishing emails are often sent from random addresses, while more advanced scams may use addresses that closely mimic legitimate organizations. In this particular case, the “Capital One – Purchase Was Charged To Your Account” email is clearly a phishing attempt because it comes from a suspicious email address that does not match Capital One’s official domain.

Another red flag is grammar and spelling mistakes. Legitimate emails rarely have mistakes, as they have to look professional. This particular “Capital One – Purchase Was Charged To Your Account” email is more sophisticated in this regard because it does not have obvious mistakes, but it does not look professional enough to have come from Capital One. Additionally, users should take note of how an email addresses them. This particular email does not address users at all, which is a clear giveaway as customers’ names would be used in a legitimate email.

Users should always take the time to carefully examine any email that prompts them to interact in some way—whether that means clicking on a link or opening an attachment. If there are links included, users should hover the cursor over them to see where they lead before they click on them. For attachments, it’s a good idea to use an anti-virus program or scan them with a service like VirusTotal before opening. Clicking on links in emails should also be avoided. Users can always manually log in to their accounts to check for any issues.

Finally, before entering any login information, users have to always check the URL of any website. Phishing sites can closely resemble legitimate ones, but their URLs often reveal the phishing attempt.