Security breach leads to warning

Fraudulent e-mails might seek account information

  • Follow Business

NEW YORK --- With the possible theft of millions of e-mail addresses from an advertising company, several large companies have started warning customers to expect fraudulent e-mails that try to coax account login information from them.

Companies behind such brands as Chase, Citi and Best Buy said last weekend that hackers might have learned their e-mail addresses because of a security breach at Epsilon, a Dallas-based company that manages e-mail communications.

It's a standard tactic among online fraudsters to send e-mails to random people, purporting to be from a large bank and asking them to login at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.

The data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who actually have an account with the bank.

David Jevans, the chairman and founder of the nonprofit Anti-Phishing Working Group, said criminals have been moving toward more intelligent attacks known as "spear phishing," which rely on having more intimate knowledge of the victims.

"This data breach is going to facilitate that in a big way. Now they know which institution people bank with, they know their name and they have their e-mail address," said Jevans.

"You're not going to see typical phishing where 90 percent of it ends up in spam traps and is easily detected. This is going to be highly targeted," he added.

Among the affected are financial-service companies such as Capital One Financial Corp., Barclays Bank, U.S. Bancorp, Citigroup Inc., JPMorgan Chase & Co. and Ameriprise Financial Inc. and retailers including Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.

The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker might have obtained student e-mail addresses. Walt Disney Co.'s travel subsidiary, Disney Destinations, sent e-mails warning customers on Sunday. Hotel chain Marriott International Inc. issued a similar warning.

Comments (2) Add comment
ADVISORY: Users are solely responsible for opinions they post here and for following agreed-upon rules of civility. Posts and comments do not reflect the views of this site. Posts and comments are automatically checked for inappropriate language, but readers might find some comments offensive or inaccurate. If you believe a comment violates our rules, click the "Flag as offensive" link below the comment.
corgimom
26239
Points
corgimom 04/05/11 - 07:41 am
0
0
Target got hit, too. I

Target got hit, too. I already received an email from them.

BamaMan
2163
Points
BamaMan 04/06/11 - 10:01 am
0
0
I've received one from

I've received one from someone hadn't purchased from in years. Know several people that have received the same email - funny how they're all worded the same. I figured it was something fishy; too many getting the same email.

Back to Top

Loading...