They Got Their Precious. And We… Well We’ll Get Spammed. Yay.
There’s a heated battle being waged within the Internet marketing arena over verified info. If you are a list owner and can prove that you have a list chock full of vetted emails, and even better the corresponding first and last name(s) of the email owner, AND even better than better their phone number(s) and address(es), it’s like you’ve won the Powerball Lottery. A vetted email with corresponding information seems like small potatoes these days as the number of hacking and phishing attacks aimed at large corporations continues to climb. As the famous “Wall Street” quote states, “Greed Is Good.” But let’s face it, it’s only good for the ones profiting, and that’s where the hackers come in.
This past week (Thursday (3/31) and Friday the 1st aka April Fool’s), Epsilon Interactive, an industry-leading provider of email marketing services for large corporations, was hit with a major security breach. Approximately 50 of their clients’ accounts containing vetted email addresses were the target, and the mission seems to have been accomplished successfully. Epsilon is estimating that the 50 clients make up about 2% of its business. That’s one way to look at it. Regardless, that’s of little consolation to the many of us who are on lists belonging to that 2% faction.
What Can They Learn About Me?
Depending on how deep the hackers drill down — if they run a de-duplication program, they could match up email addresses with first and last name and then figure out a profile with the information ascertained from the 50 companies’ lists. For instance, over the past weekend as I received email warnings from companies whose lists were affected I began to build a profile on myself. I received alerts from:
- My personal bank on behalf of my accounts (I have multiple accounts) *cringe cringe cringe*
- My personal bank on behalf of my credit card
- My personal bank that is also my mortgage holder (What can I say, I really like the bank?!)
- New York and Company
- Target
- Walgreens
- and a few others (email broadcasts are great ways to improve your own… I belong to a lot of lists and with that comes a heightened risk)
From this list of bullets, the hackers could build a profile on me that I am more than likely a 20-45 year old female, in a middle income bracket who enjoys clothes shopping as well as a good bargain from my local pharmacy/food retailer. This is all because, according to PCWorld.com, “once scammers know their victims’ names and e-mail addresses, along with the companies that they do business with, they can craft very targeted “spear-phishing” e-mail attacks that try to trick victims into revealing more sensitive information such as passwords or account numbers.” So don’t fall for it!
A few news outlets have had the pros come out and they have even downplayed the severity of this situation by saying, it’s not like your social security number, credit card or bank account numbers were breached. Fair enough, dear experts, but as far as I’m concerned my email address is as valuable to me as any of my other personal accounts.
What to Look Out For
When it comes to receiving email alerts/notifications from your bank, the best advice I can ever give anyone is not to click on the links in the email. Instead, open up a FRESH web browser window. Do not use a currently open window; it may not be as secure. Think of it like this: FRESH IS BEST. Then type in your account information through the secured server hosting your account.
Here are the two potential outcomes of the email breach, both of which can easily occur in tandem:
- Our email addresses will receive a heightened amount of Spam before our email hosts spot the flood and create a dam.
- Phishing emails with embedded Trojans will be sent, or an email will arrive in your inbox that leads you to a page mirroring the home page of the institution you are trying to access.
In either event, do not click on links provided in the email. Instead, go to the website on your own.
Also please remember, none of these companies will ever ask you for personal information in order to “verify” an account. This is the epitome of a phishing scam.
To learn more about the Epsilon breach and about the companies affected you can visit:
- PC World.com “What You’ll Need to Know” [Highly recommend reading this first article if you do not read anything else.]
- PC World.com “50 Clients Hit by Security Breach”
- PC World.com “Bank Customers Warned After Security Breach Involving Email Addresses”
Although Epsilon will not outright disclose to the public which of the 2500 clients were affected, SecurityWeek, as reported by PCWorld.com, has put together and provided a list of what they have found thus far: Kroger, TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, The College Board, Disney Destinations, Best Buy, and Robert Half Technologies.
If you have a question about Scamming, Spamming, Phishing or Email attacks — hit me with your best shot — I’ll be more than happy to take a crack at answering!
