Where does the 48267 text message come from?
48267 is American Express’s (Amex’s) official short code.
It’s used for two-factor authentication codes, fraud alerts, and account security notifications. The number is legitimate—but scammers can spoof it. If a message includes a link, asks you to call a number, or pressures you to act fast, it’s not from Amex.
Who owns the short code 48267?
- Registered to American Express (Amex)
- Short code name: American Express Online One-Time Password
- Active since April 18, 2012
- Covers credit card services, payment processing, and account management.
This checks out across multiple independent sources. Dialpad’s database of shortcodes lists 48267 under American Express.
Amex also operates other short codes for different purposes:
| Short Code | Purpose |
| 48267 | 2FA & fraud alerts |
| 26390 | Credit alerts |
| 26391 | Account alerts |
| 764564 | Mobile wallet verification |
You can verify these on American Express’s Canadian SMS service page.
Why you got a text from 48267
- 2FA codes—you (or someone) tried logging in to an Amex account tied to your number.
- Transaction verification—a large or unusual purchase triggered an authorization code.
- Fraud alerts—Amex detected suspicious activity on your card.
- Account security—password changes, new device logins, or security setting updates.
The 2FA codes are the most common reason people search for this number.
When you log in to your Amex account online or through their app, you’ll get a one-time code from 48267 to confirm your identity. The same thing happens when you modify account settings or add a new device.
Fraud alerts are the second big reason.
When Amex spots something unusual—like a charge from an unexpected location—they’ll text you through 48267 so you can confirm or deny the activity. Their official security page explains how this fits into their broader fraud protection system.
If you didn’t initiate a login or transaction, someone else likely has your credentials. That code is the last barrier between them and your account. Don’t share it.
Is the 48267 short code safe or a scam?
Threat level: MODERATE
- Verification code you just requested → safe, use it normally
- Code arrives without you doing anything → suspicious, don’t share it
- Message includes a link or phone number → scam
- Someone calls asking for the code → scam, hang up immediately.
The short code itself is legitimate. The risk is in the context.
Routine 2FA codes are just numbers—nothing else. If a message claiming to be from 48267 includes a URL, a phone number to call, or asks you to “verify your identity” through anything beyond entering the code on the Amex site, it’s fraudulent.
How account takeover attempts actually work
Reddit’s r/Scams community has documented a specific pattern targeting Amex customers:
A scammer gets your login credentials—usually from a data breach or phishing email. They attempt to log in to your real Amex account, which triggers the legitimate 2FA system to send a code from 48267.
Then they call you, pretending to be Amex fraud prevention. They say they’ve detected suspicious activity and need you to “verify your identity” by reading them the code you just received. If you hand it over, they’re in.
The trick is that the code really did come from the legitimate 48267 number—which makes the whole thing feel credible. That’s why timing matters more than the sender.
Red flags to watch for
- You receive a code without attempting any Amex action
- Someone calls you asking for the code “to verify your identity”
- The message includes a link or phone number (real codes never do)
- You’re told your account will be locked unless you act immediately
- The caller knows some personal details but still asks for the code
Key point: American Express will never call you to ask for a verification code sent to your phone. According to Amex’s fraud protection guidelines, they may call about suspicious activity—but they’ll verify your identity through information only you would know, never by requesting a texted code.
What to do if you receive a message from 48267
If you have an American Express account
When you expect the code:
Enter it to complete your login or transaction. These codes expire within a few minutes, so use them promptly.
When you didn’t request anything:
- Don’t enter the code anywhere or share it with anyone.
- Log in to your Amex account directly—use the official app or type americanexpress.com into your browser. Don’t click any links.
- Change your password immediately.
- Review your recent transactions for unauthorized charges.
- Call the number on the back of your physical card to report the incident.
- Check your email for password reset requests you didn’t initiate.
If someone calls claiming to be from Amex: Hang up. Call the official number on your card instead. Legitimate Amex reps won’t mind you verifying their identity this way.
If you don’t have an American Express account
Getting a code from 48267 without an Amex relationship is unusual but not alarming. Common reasons:
- Someone mistyped their phone number during account setup
- A family member added your number to their account
- An error in Amex’s system
- Someone fraudulently tried to use your number.
Just ignore and delete the message. You can also forward it to 7726 (SPAM) to report it to your carrier. If the texts keep coming, contact American Express customer service to have your number removed from their system.
Troubleshooting delivery issues
Plenty of users run into a frustrating problem: codes from 48267 just stop arriving. T-Mobile community members and US Mobile users on Reddit have extensively documented this issue.
The culprit is almost always a carrier switch. When you port your number to a new provider—especially from AT&T to T-Mobile, or between MVNOs (mobile virtual network operators) like US Mobile—short code routing can break. Your new carrier may have inadvertently blocked short code traffic, or the old routing info hasn’t been updated.
How to fix it:
- Test the connection: Text “HELP” to 48267. If you get a response, the channel is open.
- Contact your carrier: Call customer support and specifically ask them to check for “short code blocks” on your line. Request that they enable short code 48267.
- Update your number with Amex: Log in to your account, go to Security Settings or Profile, and re-save your phone number—even if it looks correct. This forces Amex to re-register your number in their system.
- Check for spam filters: Some carriers have aggressive spam filtering. Ask them to whitelist financial institution short codes.
- Try a different network: Temporarily switch from WiFi to cellular data (or vice versa) when requesting a code.
Discussion on the Bogleheads forum confirms this is a widespread issue that usually resolves with carrier intervention. The problem isn’t with Amex—it’s with how mobile networks route short code messages after account changes.
Reporting suspicious activity
If you believe you’ve received a spoofed message or you’re being targeted:
→ Report to your carrier: Forward the suspicious text to 7726 (SPAM). This works across all major US carriers and helps them identify spoofing attempts.
→ Report to American Express: If the message contained phishing elements or asked for unusual actions, email the details to [email protected]. Include the message content and timestamp.→ Verify with official channels: Check the American Express Fraud Protection page or call the number on your card before taking any action based on an unexpected message.
FAQ
Can I block messages from 48267?
Technically, yes—text STOP to 48267 to unsubscribe. But if you have an Amex account, this is a bad idea. Blocking this number means you won’t receive critical security codes, which will lock you out of your account and leave you blind to fraud alerts.
Does American Express charge for these texts?
Amex doesn’t charge you. Your carrier’s standard messaging rates apply, though most modern unlimited plans include SMS at no extra cost.
Why did I stop receiving codes after switching carriers?
This is the single most common issue users face. When you port your number to a new carrier—especially T-Mobile or MVNOs like US Mobile—short code routing sometimes fails to update. Your new carrier may need to manually enable short code delivery. Contact them and specifically mention short code 48267. Reddit threads are full of users who resolved this with a single call to their carrier.
What should I do if I receive a code without trying to log in?
This likely means someone has your Amex login credentials and is attempting to access your account. Don’t use the code, don’t share it with anyone, and immediately log in through the official Amex app or website to change your password. Then call the number on your card to report the incident.
How can I tell if a message is really from American Express?
Legitimate codes from 48267 contain only a numeric code and possibly a brief instruction like “Use this code to verify your identity.” They never include links, phone numbers to call, or requests to reply with personal information. When in doubt, access your account through the official app rather than responding to the text.
Is it safe to reply HELP to 48267?
Yes. Replying HELP is safe and often recommended for troubleshooting delivery issues. It triggers an automated response from Amex’s system that confirms the line is active.
Can scammers send messages that appear to come from 48267?
Short codes are generally more secure than regular phone numbers, but sophisticated scammers can spoof the sender ID in some cases. That’s why you should never trust a message based solely on the sender number—always consider the context (did you just request something?) and the content (does it ask for unusual actions?).
