Email Hacking Exposes Shoppers to "Spear Phishing"

| 1 Comment | No TrackBacks
The Epsilon data breach may turn out to be the biggest data breach of all time. Had you ever heard of Epsilon before this weekend? Me neither! But it's the largest permission-based email marketing company in the world, sending 40 billion pieces of mail every year for 2,500 client brands. And it made the news in a big way, admitting that a security breach March 30 allowed an intruder to gain access to customer information from some of its client companies.

I got two emails - from Home Shopping Network and Disney Destinations.
Whoever the thieves were, they not only know our names and emails but where we bank, vacation and shop. That makes us all vulnerable to "spear phishing" -- attempts to collect personal info that succeed because our defenses are down. You're more likely to respond to a phishing email that looks like it comes from your credit card issuer - and mentions you by name.

Epsilon didn't say which companies were affected. But as clients began notifying their customers of the breach over the weekend, we discovered they include two of our three largest banks, America's biggest supermarket chain, drugstore chain and consumer electronics retailer:

  • Major banks (Citi, Chase, USBank, Barclays, Capital One), with literally hundreds of credit card brands
  • Big retailers: Target, Kroger, Walgreen, New York & Co., Best Buy, Home Shopping Network, QFC, Lacoste and AbeBooks
  •  A number of hotel loyalty programs (Marriott, Hilton, Ritz-Carlton, Disney)
  •  Other big companies: Ameriprise, TiVo, McKinsey and Co., Robert Half and The College Board among them

These companies were quick to reassure people that their financial information wasn't exposed, although a full investigation is taking place that may reveal more details. There's no need to cancel your credit cards or change your account settings, PCWorld writer Jared Newman advises: "Unless you've got a really stupid password, your money is safe."

But we'll all need to read our email a little more carefully! Don't click on embedded links in an email that claims to be from your credit card issuer or bank. Don't dial the phone number listed in the email. Always take the time to look up the legit number and remember that a legitimate bank, retailer or service provider will NEVER ask a consumer to provide personal or financial info in an email.

The Epsilon email breach shows how vulnerable our data is. If you were to get a notice like this advising that your SSN or bank account info were breached and now in the wrong hands, would you panic? Would you know what to do or who to call? Or are you prepared to handle it yourself?

Something like this serves as a reminder that we do NOT have control over our own data - and we should hope for the best but plan for the worst. If we don't think about our risk now - then when? You may have dodged this bullet, but sooner or later, odds are good you will get a similar letter.

To reduce your risk of becoming a victim of fraud left reeling by the impact of an identity theft, it's important to stay alert to the latest scams, tricks and methods used by today's professional ID thieves. Take identity theft seriously and take the time to learn what steps you can take to reduce the blow.  

Enhanced by Zemanta

No TrackBacks

TrackBack URL:

1 Comment

Identity theft can come at you in ways you may not expect, and the results may be devastating to the wallet. Suspicious emails must be screened before clicking any link on it. Although you may not change your usernames, you should ensure that your password is not that easy to guess.

Leave a comment

A memoir exposing the steep price consumers pay when facing mortgage servicing errors, inaccurate credit reporting, illegal debt collection practices, identity theft and weak consumer protection laws. THE BOOK » DENISE'S STORY »