American Express Serve account hacked

  • Hi Guest, welcome to the help forum. You can get fast answers to your customer service questions here. We have a dedicated team of advocates who are ready to help. Just go to the section that matches your question and ask us!
  • If you've posted a question or issue for our advocates to assist with, please be sure to check back frequently for responses and requests for clarification.
  • Did you know you can get email notifications when something new posts to your favorite forum? It's easy. Just click the "watch" link right next to the "post new thread" button at the top of your favorite forum. The rest is easy. Now you'll never miss another conversation.
  • Want to become an expert user? Drop by the How to use this forum section and all will be revealed. We'll show you how to make the most of your experience.
Jan 13, 2020
1
0
1
31
#1
Hello!

Much like a lot of the other posts I have read on this forum, I'm hoping to get some guidance on how to get my wife's money back from Amex Serve Card. Today someone was able to log into her account first they changed her password, then they transferred money from her card to another card by using an email address "[email protected]" (i tried researching the domain and didn't get any results) in 3 different transactions one for 200.00 another for 140.00 and the last for 9.00 so in total $349.00 was stolen from her. Naturally we called them and was told to change her pin and that an investigation would be opened. My first issue with this is that they said "if" they ruled in her favor she would get her money back, but couldn't answer any questions as to how this could even happen in the first place. She only logs in using the Serve Card app and hadn't logged into her account all day. Neither of us know this email address and secondly only a person with a Serve card would know how to transfer from one card to another. Which really makes me feel like this is an inside job, now neither feel safe, I mean if anyone can just hack into your account and transfer money out where is the protection? I've never been through anything like this and I don't know where to start. Is there any help or advice that someone can give us?

Note: Edited by a moderator to move to new thread from this thread
 
Last edited by a moderator:

Dwayne Coward

Administrator
Staff Member
Director
Apr 13, 2016
704
1,100
93
St. Louis
#2
Hacking is a crime. You should report it and make sure the account is secure from further unauthorized use. While this may not help you recoup your funds, it will provide some documentation you can use to address it with the company and may help in stopping or catching those who commit these crimes.

https://www.ic3.gov/default.aspx

Unfortunately, there are many ways account information can be obtained for this purpose - social engineering (phishing), malware (including keyloggers), shared computers/tablets/phones, using the same login information on different accounts.

I'm afraid unless you are able to prove it was an inside job, and if the transactions were in fact made using the login credentials, the company is not going to consider this an unauthorized transaction. I'm not currently aware of any federal or state regulations that require companies to provide protection in these cases. You can use the guidance in the below post to address the issue with the company, and if they don't provide a resolution, you can try to file a complaint with the Consumer Financial Protection Bureau. Perhaps with enough complaints, regulators will provide some type of consumer protection in these cases.

https://forum.elliott.org/threads/resolving-consumer-complaints-and-developing-a-paper-trail.8903/
 
Feb 21, 2018
198
442
63
58
#4
While this doesn't really help now, anyone accessing sites for their financial information should strongly say "yes" to multi-factor authentication. I have it set up for my banking accounts and even if someone gets my username and password, they only way to gain access is with a code that is sent to me by text. They wouldn't even be able to change the phone number for that text, because it would require fully logging in to do so.

Yes, they could hit the texted code by random, but they'd need to be pretty good guessers. Three tries and the account is fully locked until I call and request help, for which I would need a lot more personal information to accomplish.