Tip of the Month: Don't Bite!
- Spear Phishing attacks rely on bits of factual information about their targets, often obtained illegally, and use it to make their scam emails seem more genuine. Disguised as a legitimate source they then use plausible-sounding reasons to get you to give them even more personal data usually by including a link that takes you to their bogus web site.
- On March 30th, Epsilon, a major email marketing services provider experienced a security breach that compromised the customer data of a number of businesses that utilize Epsilon's email marketing services. The breach affected over 90 high profile companies that included Walgreens, Best Buy, Verizon, Capital One, Citibank, JP Morgan Chase, Marriott, and Kroger. While no sensitive data was stolen, customer names and email addresses of the companies affected were exposed.
What does this mean to me?
- This exposure has triggered an increase in phishing attacks that use the knowledge of these customer- business relationships to attempt to trick users into sharing information, navigating to fake websites or opening infected attachments. Be on the lookout for emails from any company, even those that you have legitimate relationships with, that ask for personal information, contain attachments, or ask that you contact them via phone numbers or links provided in the message.
How can I protect myself?
- Be careful about any communications you receive, even those claiming to be from entities that you trust.
- Never respond to unsolicited email messages.
- Never respond to any email asking for your private or financial information. No legitimate business will ever ask for this information through email.
- Do not click on links or call phone numbers provided in emails. If you think that the message is from a legitimate source, close it, open a browser, and go to the website that you know belongs to them (or call the phone number that you know is their's).
- Do not respond to emails asking to “verify your information”or “confirm your user-id and password”.
- Never enter personal information in a pop-up screen. Doing so could compromise that information.