As you have no doubt heard in the news, email-marketing company Epsilon recently suffered a data breach. Some of the companies that use (or "used" may be the better term) Epsilon include Bank of America, Target, TiVo, Hilton, Marriott, and JP Morgan.
According to reports, the breach was limited to customers' email addresses and perhaps customer names as well. Epsilon has been very careful to point out that no other personal information was breached. While that may sound like good news, email addresses and names are enough information to initiate a very specific type of ‘phishing’ attack called ‘spear-phishing’.
In ‘phishing’ attacks, hackers send out emails to a group of people and try to convince them to enter their personal details, such as account names or email addresses, or perhaps to download a virus. In a recent example, an email to all users that appeared to come from Corporate IT instructed them to click on a link and enter their user ID and password or else their account would be deleted. When users click the link and enter the information, they are actually giving account access to the bad guys.
‘Spear-phishing’ attacks are even worse: spear-phishing occurs when the bad guys target a specific user. These attacks have a psychological effect on the targeted person, who knows they have a relationship with a bank such as JP Morgan, or knows they carry a Target credit card. The hacker sends a message directly to the account holder stating that their JP Morgan account may have been hacked and that they should immediately click a link and ‘update your password’. Again, your account was never really in danger, but you gave the bad guys access once you clicked the link and entered your information.
So keep an eye on your email over the next few weeks. As we always tell our customers: think before you click! It is also a good time to remind staff that data privacy and protection are everyone’s responsibility.