Phishing season opens for Epsilon customers

A company named Epsilon has been hacked and many email addresses were stolen.  This may not sound so bad at first.  But it is bad because a lot of email addresses from a lot of  businesses were stolen and the thieves can now target the email owners with phishing attacks.

Epsilon company is an “email marketing services company” that sends emails such as offers on behalf of clients.  They have more than 2,500 clients and send more than 40 billion emails a year.  Their client list includes large famous reputable companies including:  Capitol One, Citi, Marriott Rewards, Shopping Network, Walgreens, Kroger, Tivo and many more.

The Epsilon data breach occurred March 30, 2011.

Epsilon says that only email addresses and customer names were stolen.

The problem is that the thieves can use this information to create targeted phishing attacks, also known as spear fishing.  The thief, knowing that a person is a client of a company, can craft and send an official looking email to a specific client name and email address.  The message can look convincing enough that it can trick the recipient into sending personal information back to the thief or convincing the recipient to visit a web site that will ask for personal information.

This targeted phishing will be way more effective than randomly sending spam to random email addresses.

Be more vigilant to email scams and phishing.  Never send or give your personal information out to email requests or web sites listed in emails.  Reputable banks and businesses will not ask for your accounts, usernames, passwords, telephone numbers, social security numbers, this way.

If you believe an email may have merit, telephone the bank or business.

Here is one email I received regarding the data breach problem-

Dear Valued Customer,
Today we were informed by Epsilon Interactive, our national email service provider, that your email address was exposed due to unauthorized access of their system. (company) uses Epsilon to send marketing and service emails on our behalf.
We deeply regret this has taken place and any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. We were advised by Epsilon that the information that was obtained was limited to email addresses only.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. We ask that you remain alert to any unusual or suspicious emails.
As always, if you have any questions, or need any additional information, please do not hesitate to contact us at xxx.xxx@com
Sincerely,
(company)

eWeek news article: http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Hits-Banks-Retail-Giants-154971/

Leave a Reply

Your email address will not be published. Required fields are marked *