Spear-Phishing: Protecting Yourself from Targeted E-Mail Scams
Last week, the purported largest permissions-based e-mail marketing company, Epsilon, reported a systems breach where an unknown number of e-mail addresses and names were stolen. If you’ve never heard of Epsilon, chances are fairly good that they’ve heard of you. It is reported that Epsilon sends 40 billion e-mail messages per year on behalf of 2,500 clients like Capital One, Best Buy and American Express.
While the potential ramifications for such a breach are staggering, Epsilon reports no other personal information was taken other than e-mail addresses and names. Still, there remains the real threat that this information may be used for malicious purposes through targeted “phishing” scams. Sometimes referred to as “spear-phishing,” this involves sending out fake e-mail designed to look legitimate based on information a scammer may have on you. For example, let’s say you subscribed to receive e-mails from a well-known department store. If your e-mail address and name were lifted as part of this breach, the scammer might design a fake e-mail from that department store addressed to you knowing you may be less suspicious of receiving e-mails from that department store. This e-mail might prompt you to submit personal information like bank account, Social Security or other sensitive personal information that could lead to identity theft.
Here are a few things you can do to protect yourself:
1. Remember that e-mail is most often unsecure. Most major companies know this and thusly will never ask you to provide personal information via e-mail.
2. Never click a link within an e-mail that you are not 100% sure of. In fact, the general rule is never click links within an e-mail at all
3. If you receive a notice from someone you do business with asking you for personal information, call that company or log into their website using the domain name and credentials you have on file to determine if the request if valid.
Anytime you receive suspicious looking e-mails requesting personal information, report it to the company from whom it appears to originate. Many companies take this very seriously and can only combat the problem if they’re made aware of it. Even if the message is legitimate, you’ll at least have piece of mind and can handle the request directly with the company (as suggested in item 3 above).
If you have questions about “phishing” scams, e-mail security or other web related issues, contact a NetPass representative toll-free today at 888.26.7277 or visit www.netpass.com.