Targeted phishing scams could rise after Epsilon data breach

Apr 07, 2011
Consumers may see an increase in targeted "phishing" attacks after a massive data breach at one of the world's biggest marketing services.

A wave of alert emails has been distributed over the last few days as Epsilon, one of the nation's largest marketing services, deals with what could end up being one of the largest data breaches in U.S. history. Customers of major banks, grocers, and hotel chains have been receiving notifications alerting them that their names and email addresses may have been compromised.

Consumers may see an increase in targeted "phishing" attacks after a massive data breach at one of the world's biggest marketing services.

The good news for consumers is that there is no indication of any , like (SSN) or bank account information, being stolen. But Indiana University's Center for Applied Research encourages citizens to be aware of potential scams in the wake of this massive data breach.

"The concern here is that attackers, armed with knowledge of customer e-mail lists, could craft very convincing phishing emails to trick customers into revealing further personal information such as passwords or SSNs," said CACR Deputy Director Von Welch. "It's also plausible that attackers use other public information such as phone books to look up customers' phone numbers and make fraudulent phone calls."

"Phishing" emails are called just that because of their fraudulent intent to "fish" information from unsuspecting users. They may appear to be from your bank, social networking site, or an organization you belong to and even feature official-looking logos. Some common methods of attempting to obtain information include:

  • Asking the recipient to call a number, at which point he or she is asked for personal information

  • Threatening the closure of an account unless the recipient responds within a certain period of time

  • "You've won a prize." Lottery scams are all too common and should be treated as phishing attempts
Legitimate companies should never ask for personal information via email. If you have doubts about the legitimacy of an email, contact the customer service department of the organization who sent it to you using a phone number or you got from a trusted source like a phone book, paperwork from when you opened an account, or the back of a bank card.

Recipients may also receive emails with embedded links. The phishing email will ask the user to click on the link, which may appear legitimate at first glance. But hovering your mouse over the link may reveal a different destination, a clear sign that the link is not accurate. Another clever method uses "typo-squatting," or "cybersquatting." A user may be asked to click a link that looks legitimate, until a closer look reveals that the company name is misspelled. "Mircosoft" or "Micosoft" are common examples.

Fred H. Cate, director of CACR, said data like those stolen in the Epsilon data breach give attackers a better chance of succeeding.

"Phishing attacks aren't new and happen every day. However, having information like names and email addresses has the potential to support targeted phishing email messages, which IU research shows are far more likely to fool unsuspecting recipients than bulk phishing email," he said.

Even if a consumer hasn't received a notification that personal data may have been compromised, the CACR encourages all citizens to be actively alert for potential email scams.

Explore further: Google Trends info is placed on inbox duty for subscribers

add to favorites email to friend print save as pdf

Related Stories

US banks, companies issue warning after email hack

Apr 04, 2011

Computer hackers gained access to the email addresses of customers of several large US banks and other companies in a potentially huge data breach at US online marketing firm Epsilon. ...

Phishing Attacks in May Jumped More Than 200 Percent

Jun 30, 2005

The phishing season is officially open. Phishing – using fraudulent emails to try to dupe recipients into revealing personal or financial information -- reached its highest level in May, according to IBM. The month Global ...

Researchers fight phishing attacks with phishing tactics

Oct 02, 2007

Early findings by Carnegie Mellon University researchers suggest that people who are suckered by a spoof email into visiting a counterfeit Web site are also people who are ready to learn their lesson about “phishing” ...

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

6_6
not rated yet Apr 09, 2011
just reading about this on http://news.cnet....245.html after receiving such notifications

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

UAE reports 12 new cases of MERS

Health authorities in the United Arab Emirates have announced 12 new cases of infection by the MERS coronavirus, but insisted the patients would be cured within two weeks.

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...