Epsilon Breach – Phishing Likely the Main Threat for Customers
The Epsilon security breach continues to have people on edge and irritated. Meanwhile, the companies with email databases that were compromised continue to send out emails to customers alerting them of the situation.
Some are going further and providing advice on how to proceed. For example, Citi customers received an email this morning, warning them of potential phishing attacks as a result of email addresses falling into spammers’ hands. Here’s a sample from that email:
Because e-mail addresses can be used for “phishing” attacks, we want to remind our customers of the following:
– Citi Cards uses an Email Security Zone in all of our email to help you recognize that the email was sent by us. Customers should check the Email Security Zone to verify that the email you received is from Citi and reduce the risk of personal information being “phished”. To help you recognize that the email was sent by Citi we will always include the following in the Email Security Zone in the top headline portion of all our emails:
+ Your first name and last name
+ Last four digits of your Citi card account number
+ And recently to increase security, we have added your “member since” date located on the front of your card, where available.
– ThankYou(SM) Rewards always includes your first name, last name, last four digits of your ThankYou Member ID, and Total Available Point Balance in the top headline portion of all our emails to help you recognize that the email was sent by us. Customers should check the top portion to verify that the email they have received is from ThankYou(SM) Rewards and reduce the risk of personal information being “phished”.
More information about phishing is available here: learn more.
Important steps that you can take to protect your security online:
– Don’t provide your Online User ID or password in an e-mail.
– Don’t reply to e-mails that require you to enter personal information directly into an e-mail or URL.
– Don’t reply to or follow links in e-mails threatening to close your account if you do not take the immediate action of providing any personal information. We may send you an email regarding your account requesting you contact us via phone.
– It is not recommended to use your e-mail address as a login ID or password.
They also give an email address to contact if you suspect you’ve received a fraudulent message.
While security experts will be quick to back up the notion of being cautious about phishing attacks, they’re also playing down the extent of the damage done by the breach, considering it was just names and email addresses that were allegedly obtained by the attackers.
Perimeter E-Security CTO Andrew Jaquith said he received an email from McKinsey Quarterly notifying him of the attack and made a couple of quick observations: first, this is embarrassing for Epsilon, and second, the attack will be of no consequence to most people. He says that companies should take this incident as an opportunity to reinforce their security policies, but shouldn’t worry too much.
The reported list of companies that use Epsilon seems to keep growing. There are reportedly over 2,500 of them, and the company says 2% of its customers were hit. The list includes: US Bank, Capital One, JPMorgan Chase, Citigroup, Best Buy, Kroger, TiVo, Walgreen’s, Target, Disney, Robert Half, Brookstone, Home Shopping Network, McKinsey & Company, etc.