A Texas-based marketing company called Epsilon had its database stolen by hackers on March 30. Unfortunately, Epsilon does contract work for Best Buy, Walgreens, Marriott Rewards, TiVo, Citigroup, US Bank, JPMorgan Chase, the Home Shopping Network, and dozens of other companies. If you have ever done business with any of these firms, your information undoubtedly was in the Epsilon database and probably was stolen.
The stolen information reportedly was limited to email addresses and/or customer names only, according to Epsilon. I guess we have to take the company's word about that although I do admit to having doubts. In any case, you probably are going to receive more spam mail than normal in the coming months as the spammers use these mailing lists in an attempt to hoodwink you into giving away personal information or purchasing questionable goods.
The main danger from this is an increase in “spear phishing” attacks — nerd-speak for targeted email spam. In traditional phishing attacks, criminals send email messages to millions of people with a message that appears to be from a bank or other real business, hoping that some of the recipients will be customers of that business and will follow instructions to, for example, “update your account information.”
A spear-phishing email is far more dangerous because it can include a person’s name and is sent only to people who are known to be customers of a certain business, greatly increasing the likelihood that the targets will be duped.
Of course, the messages are never sent by the companies that are shown in the return address. The email message may claim that it was sent by JPMorgan Chase or Best Buy or Citibank, but that is always false. The addresses are forged, something that is easy to do.
For example, if you are a Citigroup customer, you might receive a legitimate-looking e-mail message claiming to be from a Citigroup representative, suggesting that you need to update your personal information. If you do so, you could find unwelcome charges on your next credit card bill.
There are several things you can do to protect yourself. They include:
Remember: knowledge is power. First of all, you already know the security breach has occurred. You are now aware that you have to take such messages with a large grain of salt.
Examine the wording carefully. Financial institutions, government agencies, and legitimate businesses never, ever send e-mail messages demanding that you update your personal information and provide such sensitive information as a bank account number, PIN, or social security number. If you receive such a message, it’s a scam.
Check the link. In most email programs, you can hover your cursor over any link and wait for the tooltips window to appear. Take a look at the address in this window rather than the one printed in the link. Does it lead you to the web site it purports to, or are you being directed to something that sounds legit, but on closer examination clearly isn’t?
Don’t click the link. Scammers can be a clever lot and can fashion messages and links that look very convincing. Do not click links in these messages. Instead, if you’re concerned, launch your Web browser and go directly to the web site of the company you believe has contacted you (typing in the address yourself rather than pasting in a link). Check your account information. Do you see any notices there that confirm the e-mail message you’ve received? Probably not, but if so, give the company a call and speak to a representative.
Check the IP address. Return addresses for these messages are routinely forged, so don’t trust the legitimacy of a message based on the sender’s address. You may, however, be able to clear up some confusion by checking the sender’s IP address. Finding the IP address will be a bit different for every email program. For example, to do this in Google’s Gmail, first click on the down arrow beside the message’s Reply button, and choose “Show original.” To do this in Apple’s Mail, select the questionable message and choose View -> Message -> Long Headers. Once you are looking at the questionable message, preceded by some lines of “Delivered-To” and “Received” text, you want to look at the entries that appear after Received—specifically, the entry in the form of [123.45.678.000] farthest down the list. This entry shows the IP address where the message originated. (Ignore any addresses that start with 192.168 or 10.0 as these are IP addresses used on a local network.) Having found this address, go somewhere like Geobytes’ IP Address Locator at http://www.geobytes.com/iplocator.htm, enter the address in the IP Address To Locate field, and click Submit. A second or two later you will be told the region location for the address. If you see a location in Eastern Europe or Asia or the Pacific or anyplace else that doesn't make sense, you’ve been contacted by a scammer.
NOTE: Checking an IP address isn't foolproof. Some spammers use a VPN (virtual private network) to "tunnel" to a server in a North American or European country. If so, the IP address will reflect that country's location. Also, some spammers have developed methods of "cloaking" an IP address, meaning the IP address is hidden or forged.
In short, if the IP address is from some third world country rather than from where the message claims to come from, you KNOW it is forged. Even if the IP address looks legitimate, it MIGHT be forged.
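The header check described above can be scripted. The following Python sketch is an added example, not part of the original article: it reads a raw message saved with "Show original" or "Long Headers" and returns the bracketed address in the Received line farthest down, skipping local-network addresses. The sample message, host names and addresses are constructed for illustration.

```python
import email
import ipaddress
import re

# Local-network and loopback ranges to skip, as the article advises.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample (not a real message). Hosts are example.* names and the
# public-looking addresses come from ranges reserved for documentation.
SAMPLE = (
    "Delivered-To: you@example.com\n"
    "Received: by 10.0.0.5 with SMTP id abc123; Mon, 4 Apr 2011 10:00:03 -0700\n"
    "Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
    "\tby mx.example.com with ESMTP; Mon, 4 Apr 2011 10:00:02 -0700\n"
    "Received: from relay.example.org (unknown [203.0.113.45])\n"
    "\tby mail.example.net with SMTP; Mon, 4 Apr 2011 10:00:01 -0700\n"
    "Received: from pc (localhost [192.168.1.20])\n"
    "\tby relay.example.org with SMTP; Mon, 4 Apr 2011 10:00:00 -0700\n"
    'From: "Your Bank" <service@bank.example>\n'
    "Subject: Please update your account\n"
    "\n"
    "Message body\n"
)

def origin_ip(raw_message):
    """Return the non-local bracketed IPv4 address from the Received line
    farthest down the list, or None if there is no usable address."""
    msg = email.message_from_string(raw_message)
    # Each server adds its Received line at the top, so the last one is oldest.
    for header in reversed(msg.get_all("Received", [])):
        for text in re.findall(r"\[([0-9.]+)\]", header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # not a valid address, e.g. an octet above 255
                continue
            if not any(ip in net for net in LOCAL_NETS):
                return str(ip)
    return None

if __name__ == "__main__":
    # The lowest Received lines are written by servers the sender may control,
    # so treat the result as a hint, never as proof of where a message began.
    print(origin_ip(SAMPLE))
```

The address it returns is what you would paste into an IP locator. The same limits noted above apply: a VPN or a forged header makes the result misleading.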
As always, a wise consumer provides his or her own best protection. Be cautious before clicking that mouse.
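The "Check the link" step, comparing the address a link really points to with the one printed in it, can also be done on a saved HTML message without opening it in a mail program. This Python sketch is an added example, not part of the original article; the sample HTML and all host names in it are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A host name printed in link text, with or without a leading http(s)://
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")

# Constructed sample body (not a real message).
SAMPLE_HTML = (
    '<p>Dear customer, please confirm your details at '
    '<a href="http://login.bank.example.account-update.example/update">'
    'https://www.bank.example/update</a>, read '
    '<a href="https://www.bank.example/help">www.bank.example/help</a> or '
    '<a href="http://192.0.2.10/x">click here</a>.</p>'
)

class LinkAudit(HTMLParser):
    """Record (printed host, real host, mismatch) for every <a href> link."""
    def __init__(self):
        super().__init__()
        self.href = None   # href of the <a> currently open, if any
        self.text = []     # visible text collected inside that <a>
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        found = HOST_RE.search("".join(self.text).lower())
        shown = found.group(1) if found else None
        real = (urlparse(self.href).hostname or "").lower()
        # Mismatch: the text prints one host but the link goes to another.
        bad = bool(shown) and real != shown and not real.endswith("." + shown)
        self.links.append((shown, real, bad))
        self.href = None

def audit_links(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.links

if __name__ == "__main__":
    for shown, real, bad in audit_links(SAMPLE_HTML):
        print("MISMATCH" if bad else "ok      ", shown, "->", real)
```

A link whose text prints no address, such as "click here", is listed with its real host but is not flagged, so the real host still has to be read and judged by eye.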
