Epsilon Breach Will Lead to Phishing Season, Security Companies Predict

Over the weekend, email marketing firm Epsilon revealed that it had been hacked and that some of its clients' customer lists had been stolen.

Names and email addresses were stolen. Because the stolen data links your email address to the particular Epsilon client you do business with, it is now much easier to create a targeted phishing email.

Phishing emails are a type of spam that poses as email from legitimate institutions such as your bank or phone company. When you receive an email regarding issues with your account at “TCF Credit Union,” you hit delete. You know it is spam because you don’t have an account there. When attackers know you have an existing relationship with a company, they can create an email that is much more likely to get past your skepticism.

Source: Much of this article is taken from the Barracuda Labs Internet Security Blog.

Epsilon Customers Include:

  • 1800-Flowers
  • Abe Books
  • American Express
  • Ameriprise Financial
  • Barclays Bank of Delaware
  • Bebe Stores Inc.
  • Benefit Cosmetics
  • BestBuy
  • Brookstone
  • Capital One
  • Citibank
  • City Market
  • The College Board
  • Dillons
  • Disney Vacations
  • Eddie Bauer
  • Food 4 Less
  • Fred Meyer
  • Fry’s
  • Hilton Honors
  • The Home Shopping Network
  • Jay C
  • JP Morgan Chase
  • King Soopers
  • Kroger
  • LL Bean
  • Marriott Rewards
  • McKinsey Quarterly
  • New York & Co.
  • QFC
  • Ralphs
  • Red Roof Inns Inc.
  • Ritz Carlton
  • Robert Half
  • Smith Brands
  • Target
  • TIAA CREF
  • TD Ameritrade
  • TiVo
  • US Bank
  • Walgreens

Epsilon customer list compiled by Brian Krebs

To protect yourself from phishing attacks:
1.  Have a good spam filter in place.   Either you or your ISP should have a spam filter.
2.  Enable your browser-based phishing filter.  This is available in most major browsers.
3.  Use other URL filters.  BlueCoat K9 is a free, effective URL filter.
4.  Be aware of how your bank will contact you.  Banks will generally not be asking you to log in from an email link.
5.  Only use known links and phone numbers.  Consider links and phone numbers in email to be very suspicious.
6.  If you use Google Mail, enable the “authentication icon for verified senders” Lab.
7.  Consider installing Iconix Phishing Protection (for personal computers).
8.  Think