Epsilon has stated that a giant security breach occurred on its online marketing firm, leaving millions of people at risk for e-mail fraud. The breach had exposed peoples' names and e-mail addresses of customers of some of the nation's largest companies including JPMorgan Chase, Target, Citibank, and Walgreens. Although the number of people affected is unknown, security experts are saying that this giant security breach may be one of the largest, and could eventually lead to surge in phishing attacks. Epsilon is a marketing firm that handles e-mail marketing lists for hundreds of clients, and is also the marketing firm that suffered this breach. While e-mail addresses don't sound as though they are really that vulnerable, experts are saying that if criminals can associate these e-mail addresses with names, and then to companies/businesses like a bank, they could devise highly customized attacks to trick people into giving more important confidential information. This technique is known as "spear phishing." Some are saying that the road maps between the customers and the banks are now basically in the hands of criminals.
A spear phishing e-mail can be much more dangerous than regular phishing attacks because it can include a person's name and is sent only to people who are known to be customers of a certain business, increasing the chance that the targets will be victimized. With the information that was stolen from Epsilon, these criminals could send the customers of JPMorgan Chase emails that appear to be from the bank, complete with their names, and if criminals cross check their name with property records of mortgage holders, they could also include their address in the e-mail.
While these companies are trying to make their customers aware of what has happened, they are also assuring them that the hackers had only stolen names and e-mail addresses and not passwords, credit card information, or other important and confidential information. They are basically saying that they may just receive spam and other sorts of junk e-mails. Although it is limited in what they can share, those from Epsilon are saying that they are conducting a full investigation on this issue. Others are thinking that Epsilon was a random attack because the hackers basically scan the Internet looking for machines with a high vulnerability rate. Epsilon just so happened to be their choice.
With the issues going on today between credit card fraud, identity theft, and things along that nature, it is scary hearing from businesses in which you are a customer, especially your bank, that your information has been stolen or released to a third party without your consent. Most people would become aggravated and annoyed. And I'm sure these major companies are dealing with complaints as well as trying to fix this problem.
Article Name: After Breach, Companies Warn of E-Mail Fraud
by Miguel Helft
http://www.nytimes.com/2011/04/05/business/05hack.html?_r=1&ref=technology
No comments:
Post a Comment