Home Depot released additional details Thursday about the massive breach of its payments systems that it previously announced in September. Perhaps the biggest news it had to share was that hackers had stolen about 53 million email addresses from files unrelated to the payments system, though no passwords, payment information or sensitive personal information was in the files containing the email addresses.
It may not seem like a big deal — after all, few of us keep our email addresses a secret — but if your email address was involved in this breach, there are some risks you’ve been exposed to, and you need to know how to respond to them.
How to Know You’ve Been Affected
The first thing you’re probably wondering right now: “Does Home Depot have my email address?” In its latest statement on the data breach investigation, the company said it will notify people whose email addresses were stored in the stolen files. That being said, you need to be wary of any emails saying something along the lines of “Your email was compromised in the Home Depot data breach,” because plenty of scammers will seize this opportunity to deceive you with legitimate-looking emails aimed at infecting your computer with malware or stealing more information from you.
As a general rule, you should know how to spot scam emails and avoid their traps, even if you don’t think your information has been compromised in a recent data breach.
“Now you have to be much more aggressive in being careful,” said Adam Levin, identity theft expert and chairman and co-founder of Credit.com, “which means you don’t click on links if you get something that appears to be coming from a bank or a retailer. This is where you shouldn’t trust; you should verify.”
How to Spot Phishing
Phishing is the practice of impersonating a legitimate person or brand as a way of tricking you into sharing sensitive information. Phishing can happen in text messages and on social media, but it’s a common tactic used in emails, and they often prey on your curiosity or concerns.
“Essentially you’ve gone from an annoying, but not terribly dangerous, intrusion in your life, in having your credit card number stolen, to potentially becoming an accomplice in the theft of your own identity because you responded to phishing,” Levin said.
In the wake of this Home Depot revelation, you should watch out for messages prompting you to change passwords, re-enter account information or provide personal details to someone claiming to help you avoid attacks from the Home Depot hackers. A similar scam unfolded after hackers stole nude photos of celebrities from iCloud, and Apple started sending emails to people so they would know when their iCloud accounts were accessed. Scammers jumped on the opportunity to send fake iCloud emails, counting on people’s concerns they’d been hacked.
How to Protect Yourself
Warning emails you receive about getting hacked may or may not be real, so don’t click on links in emails of this nature. If you want to change passwords, it’s best to visit the site on your own, rather than follow directions in an email.
Think about how many accounts you have where your email address is the login. That means a hacker needs only to guess your password to access it, and if you use one password across multiple accounts, the hacker’s job is that much easier. Use two-factor authentication for logging into accounts that offer that feature, and update your password when you’re concerned it could be compromised.
More than anything, exercise caution. If an email looks suspicious, it’s probably not worth clicking on. Carefully look at the sender’s email address, because misspellings or completely unrelated addresses are almost certain signs of a scam.
The constant threat of data breaches means you need to monitor your online presence and more sensitive data, like bank accounts and credit scores, for signs of fraud (and you can see your credit scores for free on Credit.com).
More on Identity Theft:
- 3 Dumb Things You Can Do With Email
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?