Many, if not most, Americans got email messages from banks, stores and hotel chains where they had memberships, credit cards and accounts, warning them that their data might have been breached. This is the aftermath of a targeted, and successful, attack on an internet marketing firm in Dallas called Epsilon. Epsilon, handles online marketing for some of the biggest names in business.
Though Epsilon says that the only data stolen was email address lists belonging to their clients, that doesn’t mean that anyone who might have been affected shouldn’t take extra care in the coming months. Email addresses alone, without passwords and other sensitive data, are of little use to criminals. But, since Epsilon’s data showed which businesses those email addresses were frequently associating with, they can still be used to craft online attacks known as phishing. Phishing involves sending out fraudulent emails, hoping that the receiver will be tricked into giving away their own sensitive information.
David Jevans, chairman and founder of the nonprofit Anti-Phishing Working Group, told the AP that criminals have been moving away from indiscriminate phishing scams toward more targeted attacks known as “spear phishing,” which use breaches like this one to gather knowledge about their victims that helps them succeed.
“This data breach is going to facilitate that in a big way,” Jevans, also CEO of security company IronKey Inc, told the AP. “Now they know which institution people bank with, they know their name and they have their email address.”
So what does that mean for you? Changing passwords won’t help, you just have to be extra cautious about what emails you open and which websites you go to. Phishers might send emails that look like they’ve come from Chase or Citibank, leading you to websites that look like the real Chase and Citi sites, but aren’t. Then, when you enter your account information, they collect it. Be leery of unexpected email from affected businesses, and don’t click through links, particularly to bank and credit card accounts. If something looks off, check to make sure you’re not being scammed before you enter personal information. Be particularly careful to discuss what’s happened with your kids and make sure they’re on the look out as well, especially since the College Board has been compromised.
Financial institutions affected include Barclays Bank, Capital One Financial Corp., Citigroup, JPMorgan Chase and U.S. Bancorp. The parent companies of Best Buy, Ethan Allen furniture stores, the Kroger grocery chain, the Home Shopping Network and Walgreens drugstores have all been affected, as have the Hilton and Marriott hotel chains. The College Board, the not-for-profit organization that runs the SATs, has also sent out warnings that hackers may have access to student email addresses.
