This week consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton and others, letting them know that their e-mail addresses have been exposed due to the recent Epsilon data breach.
This provides a perfect opportunity for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords.
Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing or spear phishing ones.
Generally when a credit card is compromised a new number and card is issued making the breach a forgotten inconvenience. However when a Social Security number is breached, the victim can feel the effects for decades.
Email addresses fall in the middle because consumers have the ability to change them, but often weigh the pros and cons and keep them for convenience sake. This is what makes getting phished a higher probability.
McAfee Labs believe scammers will probably wait until they figure out how best to turn their scams into money, and may wait until the news cycle dies down.
That’s why it is important for consumers to stay vigilant for a period of time…really for the entire time you posses a hacked email address.
Here are some tips for consumers to stay safe:
- Consider ditching your compromised address and starting new.
- Be aware that companies will never ask you for credit card information or other personal information in email. If you are being asked to provide that information, it’s a scam.
- If you are suspicious of an email, go directly to the Web site of the company that purportedly sent it and don’t follow links in the email as those may be fraudulent. Call the company’s number listed on their Web site, not the number in the email as that may be a fake
- Consider unsubscribing from email communications and re-subscribing using a new email address for commercial communications. That way you know that messages that land in that new inbox are more likely to be genuine as the new address wasn’t part of the breach
- Use the latest security software, including Web security features to protect you from going to malicious Web sites such as phishing sites