SmartMoney Blogs

Pay Dirt
A daily look at what we buy, how we spend, and the companies that do right - and wrong - by their customers.

Epsilon Data Breach: Who Has Your Email Now?

The massive data breach at Epsilon – where an unknown third-party accessed the marketing company’s list of customer emails – has likely compromised thousands of consumers. The Dallas-based firm first alerted the public last week, but the list of companies impacted keeps on growing.

The breach was limited to customer emails only and, in other cases, emails and names, but that’s still enough to leave thousands of customers vulnerable to a larger attack. Emails are only virtual addresses that provide scammers with an opportunity to contact you. The key is to recognize them if they come calling.

An Epsilon spokeswoman says the company can’t itself confirm what companies were impacted due to an ongoing investigation. But banks and hotel chains have been sending out their own warnings by Twitter and email about the breach, cautioning customers to be on their guard, and other news sources are providing a growing list of company email addresses allegedly compromised.

Among them, Citibank tweeted: “Please be careful of phishing scams via email.” JPMorgan Chase also warned that some Chase customer emails were compromised. Tivo tweeted an apology to those customers impacted by the breach.

However, thousands of worried consumers are now asking themselves: what can I do to prevent scammers from stealing my credit card information, passwords or points balance on my rewards cards? And – more to the point – can they actually steal this information?

The answer: it’s highly unlikely, especially if you do nothing. As their name suggests, “phishing scammers” only work by gleaning more information from you than they already have. The email is the hook. You, the consumers, are the fish.

“Now the bad guys know who you do business with,” says Chester Wisniewski, senior security adviser at online security firm Sophos. “The likely outcome as far as fraud is concerned will be people impersonating the institutions they’ve compromised. If they contact you it will likely come in the form of a phishing attack [an email, or phone call if your number is listed, asking you for more information] or try to lure you online to a malicious link.”

Here’s what security companies advise:

When to do nothing: Don’t reply to emails that ask for personal information such as passwords, bank account or credit card details – even if the email mentions Epsilon and tries to scare you by saying your account is compromised. No legitimate company would ask you to do this. If you receive a suspicious phone call from your bank, hang up and call the bank yourself. Don’t let curiosity get the better of you either: don’t open email attachments or follow links by email, Twitter or Facebook, even if they have been “forwarded” to you by a friend.

When to take action: If you already use your email as a password for an online account, change it. If you use your name, or an easy variation of your name as a password like JohnDoe123, change it. But do this on the company’s own website. Never do this if asked to by email.

What to do in the future: Use secondary, less important email addresses when registering online accounts. Keep one for this and others for businesses, friends and family. If a secondary account starts receiving spam, it will be easier to shut it down without too much inconvenience.

Wisniewski says, “Raising our level of caution when interacting with Facebook or the Internet is only going to improve our security overall. If you get an email from a company asking you to follow a link to get a dollar off a carton of milk, don’t follow it.”

Have you ever been targeted by a phishing scam?


Comments (5 of 8)

    • Is there anyone out there who really believes that only email addresses have been stolen? Epsilon should act responsibly and admit the extent of this problem.

    • There were many scams after SOX showing that it was not effective and just another non-value-added make-work project for financial types.

    • We had SOX regulation after Enron. The next area ripe for regulation (about time!) is handling of digital data & privacy. The question is whether it’ll be effective or just another money waster like SOX …

    • And for the second act your electronically held health records will be hijacked.

About Pay Dirt

  • Pay Dirt examines the millions of consumer decisions Americans make every day: What to buy, how much to pay, whether to rave or complain. Lead written by Quentin Fottrell, the blog examines these interactions, providing readers with news, insight and tips on shopping, spending, customer service, and companies that do right – and wrong – by their customers. Send items, questions and comments to quentin.fottrell@dowjones.com or tweet @SMPayDirt.