When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Consequences of the Epsilon breach: spear phishing

As more well-known corporations and brands send out emails warning users that their email addresses may have been compromised as part of a security breach at Texas-based marketing firm Epsilon, many are wondering what the consequences of the leak will be. According to Krebs on Security, expect to see some deviously targeted phishing schemes in the near future. These targeted attacks, called “spear phishing,” convince the reader that they need to divulge account information by posing as a legitimate website. In this case, Best Buy customers who were on its email list may confronted with an email that looks like it’s from Best Buy asking from some personal information. According to Rod Rasmussen, CTO at Internet Identity,

“I think this is going to make a big difference in spear phishing, where you may not be targeting an individual, but you know that that person has a bank account with US Bank and recently stayed at Disney,” Rasmussen said. “You now can automate spam based on things people have actually done, so your missive that they need to log into your phishing site is much more affective. You can also correlate across your data to see all the services someone is using, phish them for a user/password on something innocuous, and then re-use the same password for the bank they use, since there’s such rampant password re-use out there.”

As with any time you venture out to the Internet, never give information out to anyone you aren’t absolutely sure needs to have that information. The rule of thumb as far as email goes is that companies will never ask you to verify information using email. If a company is asking you to provide any piece of identification via an email campaign, it’s either a phishing effort or an incredibly irresponsible business who is about to get reported for phishing and lose a lot of money.

As of now, the list of major companies affected by the email breach includes (but is not limited to):

  • Abe Books
  • American Express
  • Ameriprise Financial
  • Barclays Bank of Delaware
  • Best Buy
  • Borders
  • Brookstone
  • Capital One
  • Citibank
  • City Market
  • CollegeBoard
  • Dillons
  • Disney Vacations
  • Food 4 Less
  • Fred Meyer
  • Fry’s
  • Hilton Honors
  • The Home Shopping Network
  • Jay C
  • JP Morgan Chase
  • King Soopers
  • Kroger
  • LL Bean
  • Marriott Rewards
  • McKinsey Quarterly
  • New York & Co.
  • QFC
  • Ralphs
  • Ritz Carlton
  • Robert Half
  • Smith Brands
  • TiVo
  • US Bank
  • Verizon
  • Visa
  • Walgreens
Report a problem with article
Next Article

Larry Page officially takes over as Google's CEO

Previous Article

IE to have a metro feel in Windows 8 for tablets

Join the conversation!

Login or Sign Up to read and post a comment.

22 Comments - Add comment