Email safety after Epsilon data breach

On March 30th, Epsilon an email marketing management firm suffered a data breach.  It serves as the email management firm for some of the nation's best known brands (Target, Capital One, Disney Destinations, Home Shopping Network, Marriot Rewards, Hilton Honors, and some 44 other major names) and someone was able to obtain their customers' email addresses and names.  CBS news reported that the Secret Service is investigating.

I received my first notification on Sunday morning (from Disney Destinations) before the news sources were reporting it.  The email assured me that only my email address and name were compromised.  There wasn't a lot of guidance of what precautions I could take, but if in fact it was just my name and email, I knew what to expect and how to respond.

Once the scope of the breach began being reported, it became obvious that the potential for malicious emails would be quite significant.  The thieves know that these are real emails and they know the relationship you had with a particular trusted brand. This means that they have a better than random chance of tricking you into a phishing attack.  A phishing attack is when you are tricked into willingly giving over your personal and/or financial data by convincing you to provide that information to maintain security, win a prize or to maintain a relationship.

Usually it is easy to spot such come-ons.  Spam (unsolicited emails) fills mailboxes everywhere with subject lines such as "your eBay order has shipped" or "your urgent action is required for your Chase account".  I know that I don't have a Chase account and I haven't ordered anything from eBay, so I can delete without a second thought.  But if I am a Target customer who gets regular email notices about upcoming sales, it might be reasonable for me to click on a link in an email offering me a 'thank you coupon'.  And I am generally pretty skeptical, imagine someone who is a bit less of a sophisticated email user.

So, what should be the response of all of us when reading our incoming emails.

1.  Read with skepticism.  Look for misspellings, lack of polish or things that just don't make sense.  Those are easy deletes. 

2.  Don't click on 'unsubscribe' from a suspect email.  If the email is illegitimate, the website will be as well. 

3.  If an email looks to be genuine communication, don't use the links in the email to contact the sender.  Instead go to their website and contact them using the available options.  No bank, I'll say that again, no bank will legitimately ask you to give your account number, social security number, your password or the like via email.  Do not provide financial information or your passwords on the web unless it is on a secure site using the 'https' protocol.

4.  If you end up on a website that starts launching warnings about virus alerts, telling you to install software, freezes your computer--you can use the Task Manager in Windows (ctrl key + alt key + del key) or Force Quit (command + option + escape) in Mac OS to closer your internet browser safely.

5.  Keep your anti-virus up-to-date.  Windows users can use Security Essentials free for home use, or you can use one of the other major antivirus providers (Norton, Symantec) which are are available for everyone. 

6.  Discuss this with your kids and parents.  People will often hide mistakes they make falling prey to scams.  If you think they have been a victim, help them to report the scam to the FTC and the Virginia Commonwealth's Attorney. 

7.  Consider using one of the free email providers (Gmail, Hotmail, etc) to have an address you can use for email signups.  That way you can keep the 'junk mail' separate from your personal or business correspondence.  You can still get the email offers and newsletters but you can protect the email address that would be hard to walk away from.   

8.  And probably a good thing to do is to go to Epsilon's opt-out page to manage the communication you receive or choose to be removed completely.  You can always start fresh with a new email address for the email newsletters you want to keep.