View Full Version : Is this phishing or not?

26-10-2005, 21:51:03
I just applied for a credit card online. I filled out the forms, including my social security number. I just got an email purporting to be from the credit card company, saying that they needed my social security number to complete my application. The address of the link they give is under the right domain name (it's www.americanexpress.com/myappstatus)

If I open a separate browser window and type that URL in, it will be safe to give whatever info I'm prompted for, right?

26-10-2005, 22:12:26
Make sure that browser window is secure. In Firefox 1.5 betas the address bar should be yellow and have a padlock on it, and in the status bar at the bottom it should have a domain (ie, www.americanexpress.com) next to the padlock.

If it's a popup window without any statusbars/address bars, right click and select View Page Info then click the Security Tab.

If the page is NOT secure, I would not enter anything.

If it IS secure, click 'View' to view the security certificate and ensure the issued-to domain is something legit.

26-10-2005, 22:16:46
Okay. Everthing seems to be in order.

Thanks, Asher.

Don't know why they needed me to reenter my SSN.

27-10-2005, 04:56:05
Fucking brilliant of them to send an email and invalidate all those 'do not reply to emails' warnings.

Fucking morons.

27-10-2005, 05:02:39
If you haven't already been raped, I'd call them and tell them to shred my application since I don't want to entrust financial relationships to such an irresponsible company.

27-10-2005, 07:29:51
Thinking about this now, what's even odder is that in order to edit my information (i.e. give them my SSN again) I had to sign in...by entering my SSN


Dyl Ulenspiegel
27-10-2005, 07:45:00
See if you can get to that window from the amex start site.

The page as such looks ok, but who knows. I tried to see whether they have a no-mail, no-info policy, but I only found this with a mail adress you may wish to use:


And if they really ask per mail for personal information online, they are retarded.

27-10-2005, 07:47:40
Yeah. I also checked that.

->personal cards
->check the status of my application

sends you to the same redirect URL as does typing in www.americanexpress.com/myappstatus

Dyl Ulenspiegel
27-10-2005, 07:51:26
Ok, took te me to a slightly different site (also appears a bit differently):




I may be slightly paranoid and overestimate what can be forged by phishers, but I'd contact the company and ask, just to be sure.

27-10-2005, 07:51:49
Think I'd have phoned (or emailed them - not reply) to ask what the hell was going on.

Can never be too sure these days.

27-10-2005, 15:03:50
If the window he entered the information on was secured and the certificate was assigned to a legit domain like americanexpress.com, it wasn't phishing, and just stupidity on American Express' part.

That's why the new version of Firefox will now show the issued-to domain for security certificates on the bottom right hand corner of the screen, so you can tell who is responsible for secure sites.

27-10-2005, 15:18:23
Thanks for the SSN KrazyHorse.

27-10-2005, 19:28:13
Anyhow, I talked to AmEx and everything's cool.

It is dumb of them, though.

28-10-2005, 04:35:44
Did you tell them to fuck off, because you do not want them 'being dumb' and sending financial information in plain 0's and 1's over the internet?

Hey, sniffers, just look for this combo, and then send them a follow up message, now that you know they'll be prepared by their own fucking bank to be swindled!

28-10-2005, 04:56:22
I don't think they sent unencrypted financial information over the internet, they asked him to enter the SSN on their secured website.

28-10-2005, 20:41:10
Asher is correct.

But NYE's attitude is also correct.

They should not send a request for information via email.

28-10-2005, 20:41:51
But I'm also their ho because their rewards program is so good (the only reason I'm getting a second credit card in the first place)


Dyl Ulenspiegel
28-10-2005, 20:58:58
I'll never understand the credit card business.

So by the rewards program, you'll rip off the retards who pay 20 % interest for their consumption credit?

Dyl Ulenspiegel
28-10-2005, 21:26:46
I just got a badly written phishing mail with the usual babble.

Odd thing: the link it gives www.bawag.com, which leads to the correct bank site, which has a current phishing warning that such mails direct to www.bowag.com. wtf? :confused:

28-10-2005, 21:34:38
Phishing for phishers maybe?

Dyl Ulenspiegel
28-10-2005, 21:36:54
Now that would be so cunning.