If you’re like me you’ve done business with at least one of these companies:
TiVo, Walgreens, US Bank, Disney, JPMorgan Chase, Capital One, Citi, Home Shopping Network, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, or The College Board.
These are just some of the companies whose email lists were exposed earlier this week, when Epsilon, the world’s largest email marketing firm, was hacked. Fortunately, the security breach was limited to email addresses and names, and not more sensitive information, like credit card numbers or Social Security numbers. But the breach warrants a reminder to be diligent in processing your email.
Imagine I’m a bad guy…
I’ve hacked into Epsilon and have obtained hundreds of thousands of email addresses for, let’s say, Capital One customers. Now I just build a web page that looks like a Capital One web page, create an email that looks like it originates from Capital One, send it to the thousands of Capital One clients and wait for innocent victims to log into my website with their Capital One username and password. Now I have all I need to log into the victim’s real account and steal their sensitive information, their reputation and their money.
It’s called phishing: the practice in which bad guys send emails claiming to be from a reputable company to unknowing customers in order to lure them into providing sensitive information.
We’ve all received phishing messages. They’re mixed in with the hundreds of emails many of us process daily. Processing email takes time and it’s a job that we may rush through, but it’s critical that we think before responding to email and be absolutely certain that the sender of the email is legitimate.
As you process your email, remember…
- Never click through to a website that claims it needs you to verify your password.
- Be suspicious of any email requesting your password or sensitive information. Reputable companies will not randomly email you asking for sensitive information.
- If you receive an email from a company and you’re not sure if it’s legitimate, do not follow the link in the email. Instead, go directly to the website you know to be real, or call the company to inquire about the request.
More about Phishing at and about email safety in general at WiredSafety.org.