Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
USWsdymerski
Occasional Member - Level 3
5 hours ago
5 hours ago

Outstanding Credit Card Transactions - not sure if email from Concur is legit

User who recently started using Concur Expense received this email - I removed to "To" name for security with PII:

USWsdymerski_0-1777986297749.png

The subject line and email body are the same as what I've seen on posts about these emails, but when I hover over the link in the email body it reveals the original URL as going to bofa.com-onlinebanking.com - which is HIGHLY SUSPICIOUS

This appears to be a phishing email to me, but it has the user's full name in the To: and in the "Dear ....," so how would it get that information? 

 

 

0 Kudos
2 Solutions
Solution
cjmarimo
Super User
Super User
4 hours ago
4 hours ago

Hello @USWsdymerski ,

 

I’m sure this is a suspicious email:

 

Sender domain

From: Concur Solutions <noreply@credit-transactions.com>

This is not an official SAP Concur domain.
Legitimate Concur emails usually come from domains such as:

  • @concursolutions.com
  • @sap.com

This point alone is already a very strong red flag.

Most likely, a user’s address book has been compromised, which is why the attackers have access to all the contact information and can personalize the email.

 

BR,

cj

View solution in original post

0 Kudos
Solution
GrantC
SAP Concur Employee
SAP Concur Employee
3 hours ago
3 hours ago

Hi @USWsdymerski,

 

To piggyback on @cjmarimo's comment, always check the From address. The list of From addresses used by SAP Concur is here. Outstanding Credit Card Charge emails are usually Email Reminders, which come from EmailReminderService@concursolutiuons.com.

 

How they got that user's information, I couldn’t say. Phishermen often cast very wide nets, hoping to catch anything, and as SAP Concur grows, our users can become targets.

 

I’d suggest a few things:

  • Create a ticket so we can log it and have a record of it. I doubt there is much we can do, but if there is a wider issue, having this data point helps.
  • Send an email to your users letting them know that someone received a phishing email disguised as an SAP Concur email and what to look for in emails from SAP Concur.
  • Direct anyone else who gets fake emails from SAP Concur to report them. Again, if there is a wider issue, the more data points we have the better.

Excellent sleuthing by examining the details of the URL!

 

Fun little story: Once or twice per year, our IT team intentionally sends fake phishing emails to see if we’re paying attention and using the Report Phishing tools appropriately. A few years ago, I received one of these emails and while I was examining the URL I accidentally clicked it. Thankfully, it was not really a phishing email, and no harm was done. Unfortunately, because I clicked the link, I was automatically enrolled in a mandatory cybersecurity training.

 

Thanks,

Grant Chase - Senior Product and Solution Learning Specialist - SAP Learning

View solution in original post

3 REPLIES 3
Solution
cjmarimo
Super User
Super User
4 hours ago
4 hours ago

Hello @USWsdymerski ,

 

I’m sure this is a suspicious email:

 

Sender domain

From: Concur Solutions <noreply@credit-transactions.com>

This is not an official SAP Concur domain.
Legitimate Concur emails usually come from domains such as:

  • @concursolutions.com
  • @sap.com

This point alone is already a very strong red flag.

Most likely, a user’s address book has been compromised, which is why the attackers have access to all the contact information and can personalize the email.

 

BR,

cj

0 Kudos
Solution
GrantC
SAP Concur Employee
SAP Concur Employee
3 hours ago
3 hours ago

Hi @USWsdymerski,

 

To piggyback on @cjmarimo's comment, always check the From address. The list of From addresses used by SAP Concur is here. Outstanding Credit Card Charge emails are usually Email Reminders, which come from EmailReminderService@concursolutiuons.com.

 

How they got that user's information, I couldn’t say. Phishermen often cast very wide nets, hoping to catch anything, and as SAP Concur grows, our users can become targets.

 

I’d suggest a few things:

  • Create a ticket so we can log it and have a record of it. I doubt there is much we can do, but if there is a wider issue, having this data point helps.
  • Send an email to your users letting them know that someone received a phishing email disguised as an SAP Concur email and what to look for in emails from SAP Concur.
  • Direct anyone else who gets fake emails from SAP Concur to report them. Again, if there is a wider issue, the more data points we have the better.

Excellent sleuthing by examining the details of the URL!

 

Fun little story: Once or twice per year, our IT team intentionally sends fake phishing emails to see if we’re paying attention and using the Report Phishing tools appropriately. A few years ago, I received one of these emails and while I was examining the URL I accidentally clicked it. Thankfully, it was not really a phishing email, and no harm was done. Unfortunately, because I clicked the link, I was automatically enrolled in a mandatory cybersecurity training.

 

Thanks,

Grant Chase - Senior Product and Solution Learning Specialist - SAP Learning
USWsdymerski
Occasional Member - Level 3
2 hours ago
2 hours ago

I was 99.9% sure it was phishing so I will take all the prescribed steps you mentioned! Tho I CANNOT BELIEVE YOU were forced into mandatory cybersecurity training LOL - I know... it's scary to hover over the link and worry that your mouse will betray you and click on it without you intending to!

0 Kudos
SAP Concur Community
SAP Concur
SAP
Additional Resources
© Copyright 2026 Concur Technologies, Inc. All rights reserved.
Privacy Policy|Terms of Use|Do Not Share/Sell My Personal Information|