Spear-phishing warning
Just in case you haven't already heard the news: there was a major security breach in a big online marketing company, Epsilon. According to reports, there weren't any credit cards or suchlike compromised. Unfortunately, what *was* compromised is the magic triplet of email address, personal identifying information, and the company you are doing business with.

What does this mean to you? It means there is likely to be a huge spike in low-grade spear-phishing. You know the routine phishing emails that we all get frequently, that claim to be from some random company, and want you to log in there? Those are about to become a *lot* more effective. You're likely to get emails that appear to come from a company you do have business with, including information like your name and address; they will likely have links taking you to websites that appear to be real but are actually faked, designed to capture the rest of your personal information. (Especially credit card and social security numbers.)

So be vigilant for at *least* the next few months. While the perpetrators might get caught, the likelihood is that the cat will be out of the bag, and a lot of abuses will be committed with this information...

I've gotten warnings from at least three different sites about that; I guess a lot of companies used services from Epsilon.

And therefore I send my father an email reminding him to keep an eye on my mother's email-- you've probably just prevented her from getting into trouble by enabling me to send that warning. (My father is a programmer; I'm not afraid he's going to fall for it. My mother is *determinedly* computer illiterate and will fall for it if allowed to. And then get mad at me or my father for allowing it.)

It's probably best not to follow links at all from email for a while, but type the URL directly in (or use a bookmark) to get to the site desired. I've gotten an alert or two myself about it. Thanks for the heads-up--I hadn't thought to warn my very non-techy relatives.

I don't worry quite so much about following links -- I just make sure to read the actual destination URL (as opposed to what it claims the URL is) before clicking. But explaining that particular subtlety to folks is probably more trouble than it's worth...

Very nice explanation, I may have to crib from it.

Feel free.

(And how do? Haven't chatted in a while. I was thinking of you the other day: I'm interested in seeing Sleep No More, but have little desire to go on my own. If you have any interest, it might serve as an excuse to come visit...)

I'm doing well, although work has opened a branch office in crazyville, as I'm sure you can imagine. I don't think I'm going to Sleep No More, but if there is anything else that might lure you, I'd love a visit. I have tix to the Harry Potter exhibition during the girls' vacation week, but that's probably not your cup of tea.

Heh. Not enough on its own, no, but not uninteresting -- I did read all the books as they were coming out. No promises, but what week?

I got a slew of warnings from places I've done business with like Best Buy, Citigroup, etc. I was amused to note that the very first one I got, at least 6 hours in advance of the big buys, was from abebooks.com.

Not really surprising: probably a lot fewer levels of bureaucracy that the letter had to go through...

Thanks -- have warned my more credulous relatives.

My first note about this was from Brookstone; I replied that I had told them when I placed my order not to send me email, but they'd been spamming me for years anyway.
