Epsilon Attack Raises Awareness of Phishing

By Michael Essany on April 6, 2011

Last week, Epsilon — an email marketing company which sends 40 billion emails annually — announced that its system had experienced a security breach, potentially compromising massive amounts of corporate client information.

Walgreens, Best Buy, and Citigroup are among several prominent U.S.-based companies that work with Epsilon. Intuit is not an Epsilon customer.

Although the scope of the attack is massive, few specific details are known about exactly what happened. What is certain about the cyber attack is that millions of email addresses and names were wrongfully acquired during the breach.

“The information that was obtained was limited to email addresses and/or customer names only,” Epsilon has formally acknowledged. “A rigorous assessment determined that no other personal identifiable information associated with those names was at risk.”

Although the information compromised doesn’t appear to be critical, the incident speaks to a larger concern — specifically, the growing threat posed by “phishing,” an all-too-common practice defined as criminal activity aimed at fraudulently obtaining and capitalizing on one’s personal information.

Methods typically employed during phishing attacks include:

  • Falsified or “spoofed” email addresses fashioned to confuse recipients
  • A nefarious site designed to appear as a legitimate web link
  • An outright forged — or faked — website aimed at tricking users into supplying personal information or passwords

Graham Cluley, a senior technology consultant with security firm Sophos, says that while the Epsilon breach is scary, the outcome could have been much, much more severe, as the responsible cyber criminals didn’t ultimately make off with social security numbers, driver’s license information, or credit card numbers.

“The biggest danger here really is that spammers could then target you with email pretending to come from these organizations,” Cluley warns. “You might get fooled into being phished for your login information or being sent malware or a dangerous web link.”

The Epsilon data will likely lead to more phishing attacks, especially in the short term. Here’s how to protect yourself.

  1. Avoid opening suspicious emails, particularly those with attachments promising security or software updates
  2. Use an up-to-date browser that delivers anti-phishing features
  3. Never respond to emails requesting passwords or sensitive user information
  4. Stay current with the latest releases and security patches for your operating system
  5. Report suspicious or fraudulent messages/emails to the company that is being spoofed in an apparent phishing scheme

For more information about this attack and helpful tips, please visit the Intuit Online Security Center.


Michael Essany is a business writer for Intuit and is passionate about solving small business problems.
