Consequences of the Epsilon breach: spear phishing

As more well-known corporations and brands send out emails warning users that their email addresses may have been compromised as part of a security breach at Texas-based marketing firm Epsilon, many are wondering what the consequences of the leak will be. According to Krebs on Security, expect to see some deviously targeted phishing schemes in the near future. These targeted attacks, called “spear phishing,” convince the reader that they need to divulge account information by posing as a legitimate website. In this case, Best Buy customers who were on its email list may be confronted with an email that looks like it’s from Best Buy asking for some personal information. According to Rod Rasmussen, CTO at Internet Identity,

“I think this is going to make a big difference in spear phishing, where you may not be targeting an individual, but you know that that person has a bank account with US Bank and recently stayed at Disney,” Rasmussen said. “You now can automate spam based on things people have actually done, so your missive that they need to log into your phishing site is much more effective. You can also correlate across your data to see all the services someone is using, phish them for a user/password on something innocuous, and then re-use the same password for the bank they use, since there’s such rampant password re-use out there.”

As with any time you venture out to the Internet, never give information out to anyone you aren’t absolutely sure needs to have that information. The rule of thumb as far as email goes is that companies will never ask you to verify information using email. If a company is asking you to provide any piece of identification via an email campaign, it’s either a phishing effort or an incredibly irresponsible business that is about to get reported for phishing and lose a lot of money.

As of now, the list of major companies affected by the email breach includes (but is not limited to):

  • Abe Books
  • American Express
  • Ameriprise Financial
  • Barclays Bank of Delaware
  • Best Buy
  • Borders
  • Brookstone
  • Capital One
  • Citibank
  • City Market
  • CollegeBoard
  • Dillons
  • Disney Vacations
  • Food 4 Less
  • Fred Meyer
  • Fry’s
  • Hilton Honors
  • The Home Shopping Network
  • Jay C
  • JP Morgan Chase
  • King Soopers
  • Kroger
  • LL Bean
  • Marriott Rewards
  • McKinsey Quarterly
  • New York & Co.
  • QFC
  • Ralphs
  • Ritz Carlton
  • Robert Half
  • Smith Brands
  • TiVo
  • US Bank
  • Verizon
  • Visa
  • Walgreens

22 Comments


neilf4321 said,
I've just received a warning email from Marks & Spencers
Me too, was just heading over to update the list

I would think a company that represents such a huge amount of high value corporations and handles their emails and customer info would have better security.

Anyone ever thought of encrypting their email address lists and databases? I know encryption can be broken but bypassing firewalls and security is one thing, doing that and then breaking a high encryption on many files may deter most hackers. I think there should be something in the Agreement with the big companies and these marketing firms to where they have to hold the same security level or higher with confidential info.

Buzz99 said,
Lame, security company that can't protect themselves...and customers.

This didn't happen through a security company. This was a marketing firm that all these other companies give the info to so that the marketing firm could "manage" email marketing for each individual company affected. They managed to make a mess...

A company called HCN might also be on this list, they were hacked yesterday, and sent out emails to their customers too. Just sounds familiar.

Andrew Lyle said,
A company called HCN might also be on this list, they were hacked yesterday, and sent out emails to their customers too. Just sounds familiar.

The Home Shopping Network