Epsilon Security Breach: Underground Hacker Community Poised to Scam Consumers and Transfer Funds out of their Bank Accounts
CHICAGO: April 5th, 2011
Database marketing firm Epsilon recently disclosed a security breach that resulted in many of their blue chip clients’ email lists being exposed to rogue hackers. This breach poses a significant threat because many of Epsilon’s clients such as Best Buy, Citibank, Walgreens, Barclay’s Bank US, Marriott, Home Shopping Network, TiVo and many more have had their client lists disseminated into the criminal hacker community.
Thieves have already begun using the email lists to induce legitimate
clients of these businesses to click through on emails they receive and
supply their login and password so that the users may “update” their
information. Businesses and consumers need to be aware of this breach and
should educate employees in their businesses and members of their households
to avoid clicking through on any email sent from a company they do business
with that requests their password and login credentials. These tactics,
known as “phishing,” are potentially catastrophic to consumers, given the
large number of financial institutions that have had their email lists
exposed to the hacker underground community. It is important to note that
the only information that is reported to be compromised at this time is
simply the email lists.
Many individuals use a single password on multiple websites. This creates
a problem for a consumer who uses a single password for their online banking
and online shopping. These individuals might be duped into clicking through
to redeem Best Buy reward dollars and supply their password to the thieves.
Once a password is supplied, popular online banking websites will likely
experience login attempts using the credentials supplied in response to the
“phishing” email. It is more likely than not that some individuals will end
up having their bank accounts hacked and lose funds from their accounts. This situation could
pose legal risks for both the banks and Epsilon.
“Businesses and consumers need to be sure not to supply their password or
other personal information to emails that were sent to them without their
request. When in doubt, pick up the phone and call the business if you have
a concern regarding the need to respond to an email request from a company
you do business with,” advised Lee Neubecker, President of Forensicon, Inc.
(http://www.forensicon.com), a computer forensics and hacker investigations
firm based out of Chicago, Illinois.
Checklist to protect against phishing attacks
- When you receive an email from a company you do business with asking you to supply information, launch a new browser and manually type in the company’s website address, then log in if desired. DO NOT click on a link received through email.
- Use an email service that validates the identity of the sender to help identify rogue phishing attacks, such as Gmail, which may warn the user if it suspects the origin of the sender isn’t as it appears.
- Rotate the passwords for your online banking and investment accounts, making each a unique 12-digit password not shared with any other account.
- Tell your friends and family, and post this article to your Facebook page.
About Forensicon:
Specializing in trade secrets, employment litigation, and internal investigations, Forensicon is a computer forensics firm that provides expertise to the top law firms in the U.S. as well as corporations large and small. Forensicon offers nationwide computer forensics services for plaintiff, defense, as well as special master neutral third party representation. The firm has represented numerous Fortune 500 companies and other large privately held corporations wanting to defend against or prosecute claims of intellectual property theft. For more information, contact Forensicon at 888.427.5667, email us at contact@forensicon.com or visit our web site at: http://www.forensicon.com
