Epsilon Breach Will Impact Consumers for Years

Tuesday, April 19, 2011

Robert Siciliano


This week consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton and others, letting them know that their e-mail addresses have been exposed due to the recent Epsilon data breach.  

This provides a perfect opportunity for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords.  

Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing or spear phishing ones.

Generally, when a credit card is compromised, a new number and card are issued, making the breach a forgotten inconvenience. However, when a Social Security number is breached, the victim can feel the effects for decades.

Email addresses fall in the middle because consumers have the ability to change them, but often weigh the pros and cons and keep them for convenience's sake. This is what makes getting phished more likely.

McAfee Labs believes scammers will probably wait until they figure out how best to turn their scams into money, and may wait until the news cycle dies down.

That’s why it is important for consumers to stay vigilant for a period of time… really, for the entire time you possess a hacked email address.

Here are some tips for consumers to stay safe:

- Consider ditching your compromised address and starting new.

- Be aware that companies will never ask you for credit card information or other personal information in email.  If you are being asked to provide that information, it’s a scam.

- If you are suspicious of an email, go directly to the Web site of the company that purportedly sent it and don’t follow links in the email, as those may be fraudulent. Call the company’s number listed on its Web site, not the number in the email, as that may be fake.

- Consider unsubscribing from email communications and re-subscribing using a new email address for commercial communications. That way you know that messages that land in that new inbox are more likely to be genuine, as the new address wasn’t part of the breach.

- Use the latest security software, including Web security features, to protect you from going to malicious Web sites such as phishing sites.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing the Epsilon breach for McAfee on Fox News.

Jimi Thompson: Actually, since the information that was compromised contains a lot of data on any given individual, I think that spear phishing is a very likely scenario.

You get an email purporting to be from Chase Bank. It has your email address, your home address, etc. and asks if you'd like to reorder checks.

You click on the link, thinking that you are ordering checks when all you are doing is supplying the routing number and account number to the phisher.

Heck, if they're really good, you'll even get a new box of checks in the mail. In the meantime, they're draining your bank account for a small sum every month...

If all you get is $1 from 100 million people, you still have 100 million dollars.....