American Express Warns Customers of Third-Party Data Breach

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

American Express (Amex) alerted customers that a third-party data breach incident may have compromised their credit card details.

The notification letter sent to impacted customers described the hacking of a merchant processor. A copy of the letter, submitted under the name “American Express Travel Related Services Company,” was also filed with the State of Massachusetts Office of Consumer Affairs and Business Regulation (OCABR).

“We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system. [..] It is important to note that American Express owned or controlled systems were not compromised by this incident,” the notification letter explained.

According to the details shared by the company, card account information of some members was exposed, including current or previously issued Amex card account numbers, customer names, and other card details, such as the expiration date.

The letter also told customers that they would receive additional Amex-issued letters if more than one of their accounts was impacted.

It is still unclear how many customers were impacted by the incident and which merchant processor was hacked.

“Please be assured we are vigilantly monitoring your account for fraud and, if it should occur, you are not liable for fraudulent charges on your account,” the company reassured impacted customers.

It also advised customers to review their Amex account statements over the next 12 to 24 months for any sign of fraudulent activity. Impacted customers were also advised to enable instant notifications in the Amex Mobile app, to receive alerts of suspected fraudulent transactions.

Over the past several weeks (January and February 2024), American Express has reported to the State of Massachusetts’ OCABR several third-party breaches involving exposure of credit or debit card details, the 2024 State of Massachusetts Data Breach Notification Report revealed.

Savvy Seahorse Uses Facebook Ads to Run Investment Scams

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A DNS threat actor named Savvy Seahorse has been observed using sophisticated techniques to lure victims to fake investment platforms.

According to Infoblox researchers, the gang utilizes Facebook/Meta ads and promises high-return investment opportunities.

By impersonating reputable brands like Meta and Tesla, they trick victims into depositing funds and entering their personal and financial information into seemingly legitimate investment platforms. Victims were instructed to use Visa/Mastercard, a crypto wallet, or Russian payment providers such as Qiwi and YooMoney to make investment payments.

In addition, using fake ChatGPT and WhatsApp bots, hackers are able to generate automated responses to directly interact with and convince potential victims.

The campaign is mainly directed at Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers. However, there were also victims from Ukraine, India, Fiji, Tonga, Zambia, Afghanistan, and Moldova.

The threat actors decide whether redirection will occur by running a series of validation checks on the information the user shares, such as IP address, geolocation, phone number, and the email provided.

Moreover, the hackers take advantage of the Domain Name System (DNS) in an obscure way: they leverage DNS canonical name (CNAME) records to create a traffic distribution system (TDS) for their financial campaign.

“As a result, Savvy Seahorse can control who has access to content and can dynamically update the IP addresses of malicious campaigns,” Infoblox researchers said.

“This technique of using CNAMEs has enabled the threat actor to evade detection by the security industry; to our knowledge, this is the first report to focus on the use of CNAMEs as a TDS engineered for malicious purposes.”

Savvy Seahorse has been operational since at least August 2021, with short-lived individual campaigns lasting between 5 and 10 days. “Although participating domains are sometimes flagged by security tools, the greater infrastructure and actor behind them have gone undetected by the security industry,” Infoblox revealed.
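
Because the individual domains are short-lived while the CNAME layer ties them together, a defender reviewing DNS logs can pivot on the shared CNAME target instead of on each domain. The Python below is an added example, not code from Infoblox or the original article; the record layout, domain names, IP addresses, threshold and allowlist are all constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS rows: (day, query name, record type, answer).
# Names use the reserved .example TLD; IPs are documentation ranges.
SAMPLE = [
    (1, "promo.lure-one.example", "CNAME", "c1.hub-tds.example"),
    (1, "app.lure-two.example", "CNAME", "c1.hub-tds.example"),
    (2, "go.lure-three.example", "CNAME", "c1.hub-tds.example"),
    (1, "c1.hub-tds.example", "A", "192.0.2.10"),
    (4, "c1.hub-tds.example", "A", "198.51.100.7"),   # hub IP changed later
    (1, "www.shop-a.example", "CNAME", "edge.cdn.example"),
    (1, "www.shop-b.example", "CNAME", "edge.cdn.example"),
    (2, "www.shop-c.example", "CNAME", "edge.cdn.example"),
    (1, "www.blog.example", "CNAME", "blog.example"),  # alias inside one domain
]

def registrable(name):
    """Approximate the registrable domain as the last two labels
    (assumption; use a public-suffix list on real data)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def cluster_by_cname(records, min_domains=3, allow=()):
    """Group aliasing domains by CNAME target and report shared hubs.

    allow: target suffixes of known hosting/CDN providers to ignore,
    since many unrelated sites legitimately share such targets.
    """
    aliases = defaultdict(set)  # target -> registrable domains pointing at it
    ips = defaultdict(set)      # name -> A answers observed over time
    for _day, qname, rtype, answer in records:
        q, a = qname.rstrip(".").lower(), answer.rstrip(".").lower()
        if rtype == "CNAME" and not a.endswith(tuple(allow)):
            # Skip aliases that stay inside one registrable domain.
            if registrable(q) != registrable(a):
                aliases[a].add(registrable(q))
        elif rtype == "A":
            ips[q].add(a)
    findings = [
        {"target": t, "domains": sorted(d), "ips": sorted(ips.get(t, ()))}
        for t, d in aliases.items() if len(d) >= min_domains
    ]
    return sorted(findings, key=lambda f: (-len(f["domains"]), f["target"]))

if __name__ == "__main__":
    for f in cluster_by_cname(SAMPLE, allow=(".cdn.example",)):
        print(f["target"], f["domains"], f["ips"])
```

A cluster is only a lead for review: shared CNAME targets are common for legitimate hosting, which is why the allowlist matters and why the set of IP addresses seen behind the target is reported alongside the domains.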