Epsilon is a company that sends more than 40 billion emails each year on behalf of its 2,500 business clients, many of them household name retailers. Earlier this month, approximately 2% of Epsilon’s clients, estimated at more than 50 companies were affected by an email breach. SecurityWeek has confirmed that affected companies include US Bank, Brookstone, Best Buy, The College Board, CitiBank, Walgreens, Disney Destinations, McKinsey & Company, Home Shopping Network, JPMorgan Chase, TiVo, Kroger, Capital One, Ritz-Carlton Rewards and more.
Pacific Service CU was not affected, however, many of our members may have been exposed through other relationships. It is possible there are scammers out there with the names, email accounts and, potentially even, information about the companies with whom you shop or do business. The risk is these fraudsters may exploit your active company relationships and attempt to steal your identity and personal information. It’s a good time to remember to be cautious and aware about potential online scams.
Here’s how a potential scam might work:
Phishing and Vishing are types of deception to obtain sensitive personal information. An email is sent mimicking the appearance and identity of a company where you shop. The email may request that you update your account information, a credit card number or a password. Or, the scam might try to get you to visit fraudulent websites. A “spoofed” site could have malware or viruses that affect your computer, or they could encourage you to conduct transactions or update or verify your account information.
With the Epsilon breach, fraudulent emails could avoid spam filters because they are targeted to known customers, which could result in a greater likelihood that their attempts will be successful in convincing consumers to respond.
Here’s what you can do:
First, protect yourself by staying alert and acting cautiously to any requests for your personal information.
Don’t respond to unknown solicitations and don’t give your personal information to unknown people or companies. If you’re suspicious about an email you’ve received, you should visit the company’s website directly by inputing the URL or using a bookmark. Do not click on the response link in an email. Better yet, call them if you’re concerned. Be sure to use a phone number not contained in the email.
Avoid downloading files, emails or attachments from unknown sources because they could contain malware, viruses or links to counterfeit or “spoofed” websites.
Second, protect yourself and your computer while using the Internet, by keeping your computer’s firewall turned on and keep your operating system, anti-spyware and anti-virus software up to date.
And finally, report suspicious activity and suspected phishing attempts to the company being impersonated.