Consumer Alert: Epsilon Breach Allows for Spear Phishing E-Mails
MD ( April 7, 2011) - Thousands of consumers have been or will be warned by companies such as Target, Walgreens and U.S. Bank regarding a security breach on April 4th at Epsilon, an online marketing firm based in Texas. Hackers stole names and/or e-mail addresses from Epsilon, allowing them easy access to send spear phishing e-mails to these customers.
Traditionally, phishing e-mails are sent by scam artists to random people with urgent messages that appear to come from banks, government agencies or corporate companies, hoping to bait a few recipients into divulging personal information such as bank account numbers, passwords, user IDs, access codes, PINs, etc.
Spear phishing is more effective at tricking consumers into providing personal information because scammers can create emails that appear to come from companies that the consumer is accustomed to receiving e-mails from. This causes the consumer to trust the e-mail's content, and become more likely to respond. Victims of spear phishing may also be asked to click on a link within the e-mail taking them to a legitimate looking website where they are asked to enter their personal information. In addition, spear phishing can trick consumers into downloading malware after clicking on an embedded link, and allowing hackers access to sensitive information.
“This is a serious breach potentially affecting many Marylanders,” said Attorney General Douglas F. Gansler. “Consumers should always be wary about providing personal information or clicking on any links in the emails they receive.”
To avoid becoming a victim, consumers should remember:
- Most organizations will never ask you to supply or verify personal or financial information through e-mail;
- Call the organization or business if you think you've received a suspicious e-mail;
- Always enter a website address manually rather than clicking a link in an e-mail; and,
- Use a phishing filter.
For more information on the breach or phishing scams, consumers can call the Identity Theft Unit at 410- 576-6491 or go to the website at www.oag.state.md.us/consumer.