AmEx Card Data Revealed in Third-Party Data Breach
AmEx Card Data Revealed in Third-Party Data Breach
Synopsis:
American Express is notifying customers via email that a data intrusion at a third-party service provider may have exposed the details of their accounts.
Customers are strongly encouraged to examine their account statements, and cardholders will not be held accountable for any fraudulent charges, the company adds.
Nevertheless, the number of consumers impacted, the identity of the compromised third party, and the time of the attack remain undisclosed.
Customers are strongly encouraged to examine their account statements, and cardholders will not be held accountable for any fraudulent charges, the company adds.
Nevertheless, the number of consumers impacted, the identity of the compromised third party, and the time of the attack remain undisclosed.
Meanwhile, customers are advised to thoroughly examine their American Express accounts for any indications of fraudulent activity. The measures that follow will assist you in safeguarding your account.
- It is highly recommended that you regularly and diligently evaluate your account statements by logging into your account at americanexpress.com/MYCA, with particular emphasis on the following 12 to 24 months.
- Register for immediate alerts regarding potential suspicious activity if your card is active. To do so, enable notifications in the American Express Mobile app or visit americanexpress.com/accountalerts to subscribe to email or text messages.
- Ensure that American Express has your email address and mobile phone number in order to be able to communicate with you.
- Promptly forward any email pertaining to American Express that you suspect may be fraudulent to the following address: [email protected]. Your account number should be omitted from the correspondence.
Beware of Scammers
Scammers remain vigilant for data vulnerabilities because they provide a way to execute phishing attacks. A few recommendations should be kept in mind.
- By phone or email, American Express will never request sensitive account information.
- It is not advisable to uninvitedly install software, particularly if the request arrives as an email attachment.
- Scammers consistently manage to elicit a sense of urgency. Avoid being rushed by con artists into making erroneous decisions.
- Maintaining current versions of your security updates and anti-malware software will prevent fraudsters from accessing your information via your computer.
- Android users should exercise caution when using screen overlays on their devices, as they may intercept information inputted while the user believes they are in the app itself. Although screen overlays are difficult to identify, you can enable them on Android by navigating to Settings > Applications & Notifications > Special Access > Draw over other applications. (Note that the precise route may vary marginally based on the Android version and the manufacturer of your mobile device.) You can then examine all applications that possess the capability to “draw over” other applications to determine if they are authorized to do so.
Data Breach
You can take certain measures if you have been or have reason to believe that you have been compromised in a data breach.
- Consult the vendor for guidance. Due to the fact that each breach is unique, verify the nature of the breach with the vendor and adhere to any specific recommendations they may have.
- Enter a new password. You can render criminals unable to decipher a compromised password by altering it. Select a robust password that remains unshared across all accounts. Alternatively, have a password manager generate one on your behalf.
- Two-factor authentication should be enabled. Utilize a FIDO2-compliant phone, laptop, or hardware key as your second factor whenever possible. Similar to passwords, certain types of two-factor authentication (2FA) are susceptible to phishing. 2FA using a FIDO2 device is impervious to phishing.
- Be wary of fraudulent vendors. You may be contacted by the criminals while posing as the vendor. Ensure that the vendor is not contacting victims by examining their website; if so, verify any contacts through an additional channel of communication.
- Invest some effort. Phishing attempts frequently employ motifs that demand immediate attention, such as failed deliveries, account suspensions, and security alerts, and assume the identities of well-known individuals or organizations.
- Establish identity verification. Identity monitoring notifies you and assists you in recovering your personal information if it is discovered to have been unlawfully traded online.
About the author:
Yogesh Naager is a content marketer who specializes in cybersecurity and the B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.