Post date: Apr 08, 2011 6:13:46 PM
7 Tips to Avoid e-Mail Compromise
The Epsilon e-mail breach has raised many questions about how organizations impacted by the breach should respond to their customers.
The greatest concern is about the prospect of targeted phishing attacks, more commonly known as spear phishing.
Epsilon, an online marketing unit of Alliance Data Systems Corp., announced April 1 that an outside intruder had hacked into some of its customer files. Epsilon sends e-mail campaigns and offers to consumers who register for a company's website or who give their e-mail addresses while shopping. The company sends more than 40 billion e-mails annually and also runs loyalty programs for credit card users.
So far, more than 65 companies are confirmed or suspected of being affected by the breach. While e-mail addresses themselves are not considered sensitive information, the hacker's ability to associate those e-mail addresses with other information is a concern, says Nicolas Christin, associate director of the Information Networking Institute at Carnegie Mellon University. "The e-mail address by itself does not have that much value. But when you combine the e-mail address with other information, it's easy for fraudsters to turn that combined information into cash," Christin says.
'Massive Spear Phishing'
Mark Bower, a data security expert for Voltage Security, says the fact that hackers were able to access e-mail addresses and consumer affiliations with specific companies creates a "high-risk" phishing concern. "It gives the attackers and the spear phishers something much more meaty to go after," Bower says. "Now they can send an e-mail asking if the consumer is a customer of a specific bank or retailer or hotel," and then direct consumers to targeted malicious links. "We all think about e-mail addresses as being fairly benign; but when you think about e-mail addresses being affiliated with a mortgage company or a bank, then you can see how a hacker can put information together to turn that data that is benign on the surface into cash."
http://www.bankinfosecurity.com/articles.php?art_id=3514&rf=2011-04-08-eb