The Epsilon Breach: Don't Take the Bait With Phishing Scams

Some consumers are getting inundated with email warnings that their personal information may have been compromised in the Epsilon data breach.

Hackers continue to probe systems for vulnerabilities, while businesses fail to sufficiently secure customer data and, as a result, data breaches occur on a daily basis. The lack of protection of your valuable information is aggravating, and it demonstrates how important it is to take action to protect your asset: your digital identity.

[Resource: Understand your exposure to Identity theft with the Identity Risk Score]

The Epsilon breach potentially exposed the largest data set ever—billions of consumer email addresses. Epsilon clients include large financial institutions and many well-known retailers. Hackers obtained the email addresses of consumers who had opted in to relationships with these institutions, turning customers into sitting ducks for a practice commonly referred to as “spear phishing”—when criminals send a malicious email crafted with language and graphics to resemble those of a real institution. These emails can seem authentic and ask for details such as account information, PINs and passwords, or ask you to download an attachment or click on a link. Because the email comes from a trusted institution, recipients often believe they are genuine. Their intention is to steal your personal information, such as banking credentials, or install malicious malware on your computer.

What should consumers do? Here are some tips to stay safe:

1. Use extreme caution when opening emails claiming to be from any of the breached companies. Don’t provide personal, account or financial information if it’s requested in an email. Question unknown and unfamiliar parts of received emails.

2. Don’t open links or attachments in emails from suspicious or unknown sources. Even pictures, music and videos can contain malicious programs.

3. Change passwords for compromised email accounts. Use a strong password that includes upper- and lowercase letters as well as symbols. If you can’t remember all your passwords, use an application such as KeePass or Password Safe. Change security questions answers that can reset your password, and don’t provide real answers to them, such as your high school name.

4. Open a separate email address for interfacing with businesses—not the same account you use for your personal or work lives. Tweak your name—use an initial or your middle name—and add a few days or months to your birthday. Never give out your actual date of birth.

5. Update security programs such as antivirus and antimalware and firewalls to protect your computer. Viruses will destroy your data, and malware will steal your personal information.

6. Update third-party programs including Adobe and browsers such as Firefox, Chrome and Safari. Hackers often target third party applications with known vulnerabilities.

7. Review the spam filters in your antivirus program or Internet email provider. Make sure that you are maximizing its potential to quarantine malicious spear phishing emails.

8. Contact a professional if you are unsure about content you have received. You’re better off asking than being at risk.

Technology can help us mitigate these attacks; however it’s ultimately the consumer who makes the choice to click on a link or provide personal information. Before releasing your treasured data, verify the validity of the request—and don’t trust blindly.

A version of this article originally appeared on Identity Theft 911 on April 8, 2011.