Search By Topic:

Popular Topics:



News & Features | Apr 14th, 2011

‘Spear Phishing’ Email Fears Spike in Wake of Epsilon Data Breach At Banks, Retail Giants

Elaine Rigoli

You’ve probably heard of phishing – it’s when a hacker pretends to be a trusted source in order to gain access to your online user name or email password.

In comparison, spear phishing involves more directly targeted emails in which the hacker already knows your personal details. This makes scamming appear more legitimate and much easier.

That’s why identity-theft fears are running rampant in the wake of the massive data breach at online marketer Epsilon. A hacker breached an Epsilon database that included millions of names and email addresses from customers who have “opted in” to emails from more than 50 large companies like Disney, Marriott, Hilton, Tivo, Best Buy, Target, Chase, US Bank, Capital One, Walgreens, Home Shopping Network, and Kroger.

Spear phishing is much harder to detect than regular phishing because the scammer already knows, for example, that you get your prescriptions filled at Walgreens, purchase your groceries at Kroger, bank at Chase, and take your kids to Disney every summer. As you can imagine, these spear-phishing scam emails are more directly targeted, increasing the odds you could have your identity compromised.

Epsilon -- which sends approximately 109 million daily email messages – has said only customer names and emails were leaked.

But many are starting to question exactly what Epsilon collects about consumers. For example, the Wall Street Journal notes a scary fact that implies they have more information than just names and email addresses:

“Companies like Epsilon know not to send a promotion for a winter coat to someone who lives in Miami, for example, or an email boasting low rates for mortgage refinances to people who don't own their homes.”

Even scarier? Epsilon is involved in loyalty programs to help companies know more about their customers – think about that the next time some checkout lady asks for your email! On its own website, Epsilon says its “powerful technology” tracks customers’ “transactions” – that would be your shopping history; “member profiles” – that would be all about you; and “program-specific data elements” – well, that could mean anything!

If you’re not sufficiently freaked out by your lack of privacy while shopping at brick-and-mortar and online shops, check out what else Epsilon manages on the behalf of countless corporations.

Online Safety Barriers

So while Epsilon tries to manage this public-relations nightmare, others are growing increasingly concerned. As one victim of the Epsilon email theft pointed out after hearing that “just his email” had been stolen from Epsilon, “It’s like, well, that's what you're telling me today. Are you going to be telling me something else tomorrow?"

It’s certainly a good idea to be wary of spam emails -- be extra cautious of any company or person attempting to get you to share your password or screen name via email. Another way the bad guys will try to steal your identity is by sending you a legitimate-looking email from your favorite retailer – for example, Target – and sharing a link for you to click to verify information. Don’t click on that link, as it will probably take you to a site with a virus or other phishing attack.

This Fox News video features security analyst Robert Siciliano, an industry expert with The Identity Theft Resource Center®, who shares even more wide-ranging security tips to protect yourself online in the wake of the Epsilon hacking.

Siciliano confirms that this latest data breach will put the issue of phishing on the map for everyone.

“We’re all going to get email after email – phishing emails – from bad guys trying to solicit our user names, passwords, credit card information, maybe other personal identifying information to take over existing accounts or open new accounts,” he says.


Associated Topics:

Associated Topics:


Related Posts

The Three Legs of Protection: Antivirus Software, Firewalls, and VPNs

Thought Leadership
Kent Lawson | Apr 15th, 2015

We've all heard about antivirus software and firewalls. But we probably don’t know as much about the third leg of computer protection: a VPN, or virtual private network. In his latest article, company CEO Kent Lawson says we do this at our peril, because the damage we can suffer from not using a VPN may far outweigh the risks of the other two combined. After the large-scale hack attacks over the past few years, VPNs are now earning their spot as the third security leg that is vital to every-day computer security. Read More

New Hotel WiFi Vulnerability

Thought Leadership
Alok Kapur | Apr 9th, 2015

Earlier this year, the FTC declared a critical announcement for travelers: hotel WiFi is dangerous. Many people assume that because they are paying for it the network must be safe, but that is a dangerous assumption. Hotel WiFi networks are completely insecure; the bad news is that a new exposure in hotel WiFi has just been found. Read more to find out how you can keep yourself protected. Read More

Cyber Security Training Just As Important at C-Level

Thought Leadership
Eva Velasquez | Mar 24th, 2015

The need for better online safety training to prevent data breaches is a hot topic right now. Coupled with stronger computer and network policies, companies want to prevent the hacking events that leave businesses susceptible to a data breach. While it’s no secret that employees in both the private sector and government service can unintentionally expose organizations to hackers, what is surprising is a report by Wombat Security that shows that 33% of CEOs fell for phishing attacks that led to network access. Why are they falling for this kind of internet activity? Read More

E-filing: The Fastest and Safest Way to File Taxes?

Thought Leadership
Eva Velasquez | Mar 9th, 2015

E-filing your annual return to the IRS offers speed and convenience and when coupled with industry-approved software that can plug in the values for you, a lot of the headaches traditionally associated with doing your taxes are eliminated. However, there are some potential dangers that you should be aware of, such as insecure public WiFi networks and online tax fraud. Read More


Thank you for subscribing to our newsletters

Your email has been added to our system. You will be e-mailed shortly with a request to confirm your membership. Please make sure to click the link in that message to confirm your subscription.