Threat Intelligence Blog

Posted April 11, 2011

The recent Epsilon breach, which could quite possibly be the largest of its kind, has exposed millions of customer email addresses from many of the nation’s largest companies, including banks and retailers. While we have seen a decrease in spam phishing attacks over the last year, data breaches like Epsilon empower cyber criminals to dispatch millions of fraudulent emails disguised under trusted commercial and financial brands to gain access to personal account information. The significance of this breach is that the data stolen is tied directly to a well-known event and can be manipulated to target unsuspecting account holders.

So what does this mean? People are going to be flooded with emails stating that they need to update their security records due to the breach, but how will they know a legitimate email from a fake? Quite simply, criminals can now use this information to contact all the victims of the breach and impersonate Epsilon’s customer service. Unknowing victims could think the email requests are coming from their authorized bank or retailer and may click on malicious links, download virus-laden attachments, or worse, provide key personal information.

Because these attacks often look legitimate, it’s much easier to fall victim if you are not careful. If something doesn’t seem right, it most likely isn’t. NEVER click on a link or download an attachment if you are not positive it came from a trusted source. Also, never give up your personal information (e.g. passwords, account numbers, etc.) over the phone or via email. Your financial institution or retail provider will never ask you for it through those channels. Taking precautionary steps can potentially save you from being the victim of financial loss or perhaps worse. Making sure you and your employees are properly educated will go a long way in complementing your existing security measures. Anti-virus and other solutions help reduce the chances of becoming a victim, but by no means should they be your sole means of protection.
