Epsilon, an advertising company that handles emailing clients of many large companies, had a bit of a problem over the weekend with email lists falling into the wrong hands. Somehow these massive lists were stolen, prompting a string of warning messages from the affected corporations. The affected companies include many banks, such as Capital One, U.S. Bank, Citi, and Chase; retailers Best Buy, TiVo, Walgreen, and Kroger; and others. I also received warning letters from Walt Disney’s travel branch and Ameriprise Financial over the weekend. Epsilon announced on Friday that its system had been compromised, reporting that lists of customer emails and names were released to unauthorized parties, but no personal information was included in these lists.
Email addresses that are matched to company client lists can mean a wave of targeted phishing is on the way. Phishing, pronounced “fishing” for those who don’t know, is an email message that tries to trick you into sending personal information, usually for criminal purposes. Right now scam artists can only send out random emails saying things like:
Your bank account password needs to be changed to meet NCA342.34 standards. Please reply to this email with the following information:
Account Number: __________
Current Password: ____________
New Password: _____________
Not many people would fall for this, but if an email with the label “Mr. Jones, your Best Buy Account needs to be updated, please reply with the following information…” came in, readers may be a bit more apt to fall for the trick due to the personalization.
While the tech-savvy community is very unlikely to simply email account information to a random email address, novice and elderly email users are usually the main victims, simply from not knowing any better. Protect yourself and those you know by adhering to these simple tips:
- Be leery of any email requesting username, password, or account information. Ask yourself “Why would a company ask for this information when they should already have it?” Call the institution if you’re not sure.
- Watch for misspellings, poor grammar, or nonsensical language. Phishing scammers tend to come from locations where English is not the primary language.
- Watch for misspellings in the email address of the sender. For example: an email from firstname.lastname@example.org may be legit, but accounts@mybOnk.com would not.
- Be careful using links in emails. They can be formatted so they point to a different location than what is indicated. For example, if you click on www.cnn.com, you’ll go to our TOAST.net homepage.
- Use the latest version of your web browser. Most modern web browsers have phishing protection that will stop you from reaching fraudulent sites.
For more tips on how to keep yourself safe out there in the big, scary Internet world, check out TOAST.net’s 5 Steps for Safe Computing. It helps get rid of the “scary” part.