Kirsten here from AllClear ID.  As reported in the NY Times and across many other news sites, e-mail marketing giant Epsilon was the victim of computer hacking, compromising the information of countless consumers.  Because of the large breadth of companies and customers affected, there’s a chance you may have already received an e-mail from one of the affected companies with disclosure of the breach.

In this attack, names and email addresses were stolen, exposing consumers to the risk of targeted phishing attacks.

What is Phishing?
“Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.”  Source: ComputerWorld

How Does Phishing Happen?
Let’s say you’re a customer of one of the affected companies. The hacker now has your name, email, and the knowledge that you are used to receiving emails from that company. This makes you much more likely to respond to a request for more personal information, such as your bank account number, login information, or even Social Security number.  Phishing thieves specialize in making e-mails and websites that mirror the brand they’re spoofing to make you more likely to give away sensitive information – even when request is fraudulent.

Here are some tips to manage your personal information in the wake of this breach.

  • Check out this list of companies whose databases were breached. If you are a customer of one of these companies, be extra cautious when you receive emails from them.
  • Do not reply, click on links, or call numbers listed on emails requesting personal information. Legitimate companies will not request information in this manner. If you suspect the request is real, type in the company’s web address in a new window or call the number listed on your most recent bill to further investigate.
  • Review the FTC Tips on “How Not to Get Hooked by a Phishing Scam” located here.
  • Make sure your anti-virus software, firewall, and anti-spyware software are all up to date. Some phishing emails can contain software designed to harm your computer or track your activities and information.
  • If you’ve received spam phishing for your information, forward the email to spam@uce.gov as well as to the organization impersonated by the email. Most organizations have information on their websites about where to report such problems.

These tips are useful whether or not your information was compromised in the Epsilon breach. We can all be targeted by phishing, but by exercising caution we can reduce the probability of becoming a victim.