ADOTAS – Following a good-sized breach of Epsilon Interactive’s email database, consumers are on the alert that it’s spear-phishing season. While plain old email phishing involves fraudsters disguising themselves as reputable companies to catch sensitive information, spear phishing is more targeted at users, based on some kind of collected data.
The span of the Epsilon breach has grown since first reported on Friday — from consumer info from 19 companies to 50, about 2% of the 2,500 companies it counts as clientele. As the largest email marketing service, Epsilon sends 40 billion emails a year.
Only names and email addresses were exposed during the unauthorized (and supposedly external) entry into Epsilon’s email system, the company claims, but some information from customer loyalty programs was also compromised. Such data could especially come in handy for spear-phishing.
And these are not mom-and-pop operations that had their data hacked. Victims include major financial institutions — Citi, JPMorgan Chase and Capital One — as well as huge retailers — Target and Best Buy. Potentially millions of consumers could be targeted with this data.
But drastic moves like changing email addresses are not being recommended. Instead, consumers are being advised to be extra cautious — perhaps you shouldn’t buy anything off an email offer for a while — and report or ignore suspicious emails purporting to be from reputable sources. It’s the same with all fishy email offers — if it sounds too good to be true, chances are it’s not.
The fallout from this incident is worth watching considering that Epsilon is the biggest fish in the email marketing pond. It would be curious to know how many consumers who gave up their emails were aware a third-party service handled the actual mailing duty. Surely all companies using email marketing companies will have that information prominently displayed by the “Send me more!” signup box from now on.
Epsilon, as well as all other email marketing services, will be tasked with showing their security is top of the line. Despite such efforts, Epsilon is bound to lose some major clients — the company had better hope the term “Epsilon-like data breach” doesn’t catch on with the media.
Which begs the question, will some of these big companies — particularly the ones in the financial services sector — decide to move their email marketing efforts in-house to avoid a similar debacle?
Also, will consumers be more wary about giving out their email addresses? Every consumer must recognize there’s always a risk in handing off your email address, but a major breach like this may make them more prudent about who gets that data — as well as where they purchase goods online.
Or will consumers just not care?
The email data breach is “another reminder that privacy is an illusion on the internet,” Alex Eckelberry, the general manager of the Security Business Unit at GFI Software, told The Tech Herald — echoing my own thoughts on the matter. I wonder how many people who received warnings from retailers and other companies about their email information being stolen simply sighed and said, “Great, more spam headed my way.”
Ah, digital ennui.