Bridegroom Technologies, Inc.

"Computers are incredibly fast, accurate, and stupid.

Humans are incredibly slow, inaccurate, and brilliant.

Together they are powerful beyond imagination."

- Albert Einstein

Epsilon E-mail Breach Could Affect You

Sam Bridegroom  |  Posted Monday, April 4th, 2011 at 04:00:29 PM

Some may have heard about this, some maybe not; I saw this as a good opportunity to talk about online security.

Late last week, an e-mail marketing company named Epsilon suffered a data breach that exposed a database of names and e-mail addresses. The good news is that no credit card information or other personal data were involved, but the bad news is that Epsilon provides e-mail marketing services to a very large number of very large customers that include the likes of Capital One, Barclays Bank, JP Morgan Chase, JCPenney, Walgreens, Kroger and Best Buy. This is by no means a complete list, so it's safe to say that the impact is very broad.

Since the only exposure is names/e-mail addresses, the risk to us common folk is how that information may be misappropriated. The most logical use of it will be to launch "phishing" attacks. I've written about SPAM before on this site, but phishing is a little different. It's still based on your receipt of an e-mail message, but the difference is that the message may have these attributes:
  • It looks like a "real" message, complete with graphics.
  • It might try to "scare" you into thinking there's something wrong with your account.
  • It might ask you to confirm your user name and/or password.
  • It might tell you there's a special message regarding your account.
  • Any combination of the above, and anything else that will prompt you to follow the links on the message.
The idea behind phishing is to dupe users into voluntarily exposing their usernames and passwords (and therefore user accounts).

Admittedly, it's not always easy to tell what's real and what's fraudulent. Here are a few things you can do to help ensure you're not being tricked.

Don't Volunteer Information

Banks and retailers do not send out things that ask you to verify your login credentials. The only time you should be asked for that information is when you're logging into the actual site.

Be on the Lookout for the Unusual

If you routinely get mail from say JCPenney regarding your online statement (or something like that), but the one you just received looks a little off, be suspicious.

Pay Attention to URLs

The page you're looking at might not be where you think it is - it looks like the site, but the address bar in your browser looks something like this:

[Image: example browser address bar]  (this is made up, but is indicative of what can and does happen)

Another thing to keep an eye on is whether or not you're using a secure HTTP connection; if the front of the address says HTTPS (versus just HTTP), you're using an encrypted connection between your browser and the web site. If you're conducting transactions, or even simply logging into a site, it should be over an encrypted HTTPS connection.

If you're really paying attention (and you should be), most e-mail clients will show you the URL that's going to open when you hover over a link in the message body.  Below is an example of a message I received from Dunkin' Donuts - when I mouse over the link, the URL to be launched is displayed at the bottom of my screen (in the status bar of my e-mail client).

[Image: Dunkin' Donuts e-mail message with the link's URL displayed in the status bar]

In this case, the link is legitimate. In phishing attacks, the links are not.

Use Your Bookmarks

Don't be lazy when it comes to clicking on links in the message body; chances are you've already got the sites bookmarked in your browser, so use the bookmarks - especially if you're not sure where a link is going to take you.

The Delete Key is your Friend

If you're not sure about the message you've received, then delete it. If your bank/retailer is involved in this, they'll either send you a physical letter or you can log into their website to see what, if any, information is available to you.

Your best defenses against phishing are things you can easily do yourself; it just takes a little bit of paying attention.

Some links of interest:
Epsilon's Press Release
Computerworld: Expect targeted attacks after massive Epsilon email breach, say experts  (there are more links to follow within this article)



1. Abby Butts  |  4/5/2011 11:03:27 AM  |  Good Info!

I just received an email from Walgreens this morning letting me know my email address was compromised and warning me about email scams. Thanks for the good information and this post is always relevant at all times, not just when there has been an email breach.

2. Sam Bridegroom  |  4/6/2011 8:47:04 PM  |  Update: Epsilon Breach FAQ (via Computerworld)

Follow this link:


Site Content © 2002-2011, Bridegroom Technologies, Inc.