What Happened
Last Friday, a marketing company called Epsilon reported that its systems had been hacked. Cyber criminals stole names and email addresses from some of its email marketing clients’ mailing lists. Unfortunately, this kind of thing happens from time to time. What’s different this time, though, is that Epsilon’s clients happen to be large, recognizable banks and retailers along the lines of Target, Walgreens, JP Morgan Chase, U.S. Bankcorp, and TiVo (here’s a
longer list).
What That Means for You
If you’ve given your email address to the companies affected, your name and email address has probably ended up in the hands of hackers. Odds are you’ve already received an email explaining the situation from one or more of these companies (we have).
So what’s at risk here? Luckily, Epsilon only had names and email addresses – no login or sensitive account information. Still, names and email addresses are enough to launch targeted email phishing scams that look a lot more legitimate than the
typical typo-ridden stories that usually get caught by spam filters.
What to Watch For
Because the hackers could have your name, your email address, and the identity of the company whose mailing list you were on, they can potentially send you phishing emails that look like they are from that company. Say you have an account with U.S. Bank, for instance. You could get an email that says it’s from U.S. Bank (complete with their logo) saying you need to “reset your account information.” Clicking on their links could take you to a web page that asks you to enter your account information, at which point that information would be compromised.
So how do you know if emails from these brands are legitimate? As a rule of thumb, you should avoid any email – even if it addresses you by name – that asks you to provide personal information. Don’t click on any of the links or open any attachments. Also, read through any notification emails you may have received from the companies that were compromised. Some of them may have specific information on what to look for.
And as always, it’s best to err on the side of caution. Avoid emails if you think they look suspicious, and contact your bank if you have questions as to whether or not a certain communication is legitimate.