Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • PC Hardware

    Epsilon Breach a Treasure Trove for Phishing Attacks

    Written by

    Fahmida Y. Rashid
    Published April 4, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Security experts warned that users needed to be extremely vigilant and brush up on their security awareness to ensure they don’t fall victim to phishing emails expected after a data breach at a major marketing firm compromised several email lists.

      Epsilon, a large email marketing services company with a roster of A-list clients, disclosed April 1 that attackers had stolen customer data belonging to several of its clients. While the extent of the breach is still under investigation, the initial list of affected companies reads like a “Who’s Who” of some of the largest companies, including several financial organizations, major hotel chains and big retailers.

      The company warned that thieves might use the information to launch a phishing campaign to trick users out of more sensitive personal data.

      While the breach is “remarkable” because of the number of companies and customers it affected, it is important to remember that it could have been “much worse,” had credit card numbers, social security numbers or other similar types of personal information been compromised, Alex Eckelberry, general manager of the security business unit of GFI Software, told eWEEK.

      That said, the breach should not be taken lightly, according to Eckelberry. “It’s another reminder that privacy is an illusion on the Internet,” he said.

      Some security researchers felt that downplaying the incident may be more dangerous for consumers. When attackers have a large list of names from each of these organizations, it simplifies the targeted attack, Marcus Carey, a security community manager at Rapid7, told eWEEK. Hackers now have more details on victims, and the fact that attackers will now know who people expect to receive email from is a “big deal,” Carey said. Instead of sending out emails purporting to be from JPMorgan Chase to everyone and hoping to trick a handful of customers, the scammers now have an exact list of people who are already customers and won’t immediately dismiss the emails out of hand.

      The Epsilon breach is a “treasure trove” for cyber-attackers interested in launching spear-phishing attacks against individuals, Joris Evers, a McAfee spokesperson, told eWEEK.

      Security experts all agreed that the breach means users must be even more careful than usual about opening or clicking links in emails. Customers should think about the likelihood of an email being legitimate before taking action. For example, they should consider whether the institution usually sends an email, or sends messages with links to click on. If not, suddenly getting such a message is a clear indicator that it is likely spam, Amol Sarwate, vulnerabilities research lab manager at Qualys, told eWEEK. If customers usually get monthly statement reminders, any “out-of-band” mail should be considered suspicious, Sarwate said.

      “Due to the nature of how email works, it is not possible for everyday users to distinguish between email sent by their institution or by hackers,” Sarwate said. Even if a message contains official logos or the color scheme and page layout looks legitimate, customers should refrain from clicking, he said.

      “After all, it just takes one click for a compromise,” said Sarwate.

      However, the specter of phishing is serious enough without complicating the worst-case scenario, according to some experts.

      “Some people” are taking the implications of the Epsilon breach “too far” by claiming a targeted email message can be carrying a virus that exposes the user to data theft just by opening the message, Abrams said. While theoretically it could happen, Abrams said he was unaware of any current zero-day vulnerabilities that would enable this attack.

      Training and education are critical to make sure people are more security-savvy. Organizations should be training their employees using recent breaches, especially spear-phish attacks, as “they are real-world examples,” Carey said. This will help companies to minimize the damage when an attack does happen, and running practice scenarios will train employees on how to react when faced with a real attack, he said.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×