Electronics

6 tips for surviving the Epsilon e-mail fiasco

Apr 5, 2011 11:20 AM

More companies are revealing today to their customers that they’ve unfortunately become part of the recent data break-in at Epsilon. Consumers that have shared their e-mail addresses with companies such as Target, hotel chain giants Marriott and Hilton, and U.S. Bancorp are now at risk of getting spam.

As companies begin sending official e-mails warning customers of this breach of privacy, here are some spam survival tips:

1. Do not click on any links embedded in any email—ever. The hackers responsible for the data theft at Epsilon know that specific e-mail addresses are tied with specific customers and start performing very targeted phishing attacks. For example, a very official-looking (but bogus) Citibank message can now be sent directly to unsuspecting Citibank customers, asking them to click on the email’s link to update their online account access. Naturally, the link in the bogus e-mail goes to a Citibank doppelganger—and the hackers now have your personal account info.

Keep your anti-virus software up-to-date. As with any piece of spam, there’s a chance that it might carry viruses or malware, bad software such as key-loggers that will capture what you type—such as bank account data and website log-in information—and send that back to the bad guys.

Go directly to the source. If you suspect a company is indeed trying to contact you about important changes or information regarding your account, go to the respective company’s website directly from your browser. (See tip #1.) Better yet, choose another means of contacting the company, such as calling its customer service number or visiting a local bank branch or a company’s retail outlet.

Safeguard your personal info. Keep in mind that legitimate companies will never ask its customers for personal data such as Social Security numbers, credit card information, or online log-in credentials via e-mail.

Be wary of “spectacular deals.” As the world’s largest online marketing firm, it’s not surprising that most of the Epsilon e-mails sent on behalf of retailers such as Target might have been sales pitches. Hackers could try the same tactic, but of course, choosing to direct you to bogus websites or sites cloned to look like the real thing. (See Tip #1, again.) As with suspect food: When in doubt, throw it out.

Consider changing your e-mail address. If you’re really concerned about spam and possible hacker attacks as a result of this Epsilon breach, set up a new separate e-mail address to deal with your banks and other companies. There are plenty of free Web email services now and some, such as Google’s Gmail, offer powerful search and filtering tools to help you manage messages.

For other tips, check out the Consumer Reports Guide to Online Security.

US data breach hits Target, Marriott customers [Reuters]
Thousands more Canadians notified of email hacking [The Star]
Epsilon security breach exposes thousands of email addresses [Christian Science Monitor]

—Paul Eng

More About: anti-phish | anti-spam | data breach | e-mail | Epsilon | hackers | online scams | online security | phish | spam | tips | Computers and Internet | Consumer protection | Electronics | Electronics | Money & Shopping | Safety advice | All Safety News