Who’s Epsilon and why should I care?

Who they are.
Epsilon is the world’s largest permission-based e-mail marketer. Companies hire them to send promotions or other e-mails to their customers. Given Epsilon’s customer list, there’s a very good chance they have YOUR name and email address.

Why you care.
On March 30th Epsilon had a data breach and lost a lot of information. There’s a strong possibility your name and email address were part of the lost information. There’s a partial list of businesses that lost information through this breach at the end of this post.

What to expect.
Be prepared for an increase in spam, and in particular look out for spear-phishing attacks. Spear-phishing takes advantage of known information and a trusted source to make an attack more effective. Let’s take a possible scenario from Epsilon’s breach. Say you have a brokerage account at TD Ameritrade and you are accustomed to getting their emails. Since TD used Epsilon, some potential evildoer knows the following: your name, your email address and that you have some sort of relationship with TD. The attack would come in the form of an email allegedly from TD, and it may ask you to do one of the following:

1) Open an attachment – Attachment contains a virus to take control of your computer.

2) Click on a link in the email – Link goes to a poisoned website or a counterfeit duplicate of the real site.

3) Call a provided phone number about a problem with your account – The phone number and person you’re speaking to are NOT from TD.

4) Fax account specific info to a provided number – The fax does NOT go to TD but to the perpetrator.

What to do.
Short of changing your email address, the best thing is to be very cautious of any emails you receive requesting an action. Don’t open attachments, don’t click on links and don’t trust contact info contained in the message.
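The four lures listed above can also be checked mechanically at a mail gateway or help desk. The sketch below is an added example, not part of the original post: it assumes `tdameritrade.com` is the brand's legitimate domain, and the sample message, the `.example` hosts and the 555 numbers are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

TRUSTED = {"tdameritrade.com"}  # assumption: the brand's legitimate domain
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PHONE_RE = re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")
# Constructed sample: one message carrying all four lures from the list above.
SAMPLE = """\
From: "TD Ameritrade" <service@tdameritrade.com.example>
Subject: Problem with your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Review the attached statement or
<a href="http://tdameritrade.com.account-check.example/login">log in</a>.
Call 800-555-0123 or fax your account number to 800-555-0199.</p>
--b1
Content-Disposition: attachment; filename="statement.zip"

constructed placeholder bytes
--b1--
"""

def _trusted(host):  # exact match or true subdomain; lookalike prefixes fail
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return a sorted list of flags, one per lure found in the message."""
    flags, body = set(), ""
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        if part.get_filename():                 # lure 1: attachment
            flags.add("attachment")
            continue
        data = part.get_payload(decode=True) or b""
        body += data.decode(part.get_content_charset() or "utf-8", "replace")
    for url in URL_RE.findall(body):            # lure 2: link off the real domain
        host = (urlparse(url).hostname or "").lower()
        if host and not _trusted(host):
            flags.add("link:" + host)
    if PHONE_RE.search(body):                   # lure 3: phone number in the message
        flags.add("phone-number")
    if re.search(r"\bfax\b", body, re.I):       # lure 4: request to fax details
        flags.add("fax-request")
    return sorted(flags)
```

A flag means the message should be verified using contact details from a source other than the message itself, such as a card or statement.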

The List.
Here’s a partial list of the companies that have lost data through the Epsilon breach: 1800-Flowers, Abe Books, American Express, Ameriprise Financial, Barclays Bank of Delaware, Bebe Stores Inc., Benefit Cosmetics, BestBuy, Brookstone, Capital One, Citibank, City Market, The College Board, Dillons, Disney Vacations, Eddie Bauer, Food 4 Less, Fred Meyer, Fry’s, Hilton Honors, The Home Shopping Network, Jay C, JP Morgan Chase, King Soopers, Kroger, LL Bean, Marriott Rewards, McKinsey Quarterly, New York & Co., QFC, Ralphs, Red Roof Inns Inc., Ritz Carlton, Robert Half, Smith Brands, Target, TD Ameritrade, TiVo, US Bank, Visa, Walgreen


About securitysnapshot

Security Snapshot LLC is a computer and information security company helping concerned business owners protect their reputation and their clients' private and personal information.