“Spear Phishing” is a very dangerous threat to users, because the spammer sending out the “phish” is trying to lure you to a fake version of a well-known website and knows that already you are a customer or user of that website. Phishing is general is a technique to get users to reveal login IDs and passwords, bank account or credit card numbers, to steal your money, plain and simple.
Over the weekend, it was announced that online marketing company Epsilon suffered a data breach that allowed hackers to steal millions of email addresses used by companies in their online marketing campaigns. Affected banks include Citibank, JPMorganChase, Barclays Bank, US Bancorp. Other affected companies include Target, Walgreens, Walt Disney, Marriotts, Hilton Hotels, Ritz-Carlton, Best Buy, L. L. Bean, Home Shopping Network, and TiVo. The College Board was also affected.
What does this mean for you as a consumer? From now on, when you receive an email from any of these companies (and probably others), you should NOT click through any links contained in the email. Go directly to the company’s website, starting at the home page, and then search for the offer or the announcement that interests you.
What does this mean for the affected companies. (1) Time to get a new online marketing vendor. (2) A probable loss in the effectiveness of your online marketing campaigns, at least for email, and (3) it is important to get out in front of this issue, so your customers don’t get victimized by scams.
This is a story in progress, and we will probably see more bad news for at least a few days.