Wednesday, April 6, 2011

Who Has Your E-mail Now?

The spring trees are beautiful, but it seems there are still things we have to worry about.

The security breach of Epsilon marketing company a few days ago means that some unknown third party now has access to thousands of e-mail addresses. Here are some recommendations from Smart Money via the NARFE newsletter on what we should do to protect ourselves.

Worried consumers are now asking themselves: what can I do to prevent scammers from stealing my credit card information, passwords or points balance on my rewards cards? And – more to the point – can they actually steal this information?

The answer: it’s highly unlikely, especially if you do nothing. As their name suggests, “phishing scammers” only work by gleaning more information from you than they already have. The email is the hook. You, the consumers, are the fish.

“Now the bad guys know who you do business with,” says Chester Wisniewski, senior security adviser at online security firm Sophos. “The likely outcome as far as fraud is concerned will be people impersonating the institutions they’ve compromised. If they contact you it will likely come in the form of a phishing attack [an email, or phone call if your number is listed, asking you for more information] or try to lure you online to a malicious link.”

Here’s what security companies advise:
When to do nothing: Don’t reply to emails that ask for personal information such as passwords, bank account or credit card details – even if the email mentions Epsilon and tries to scare you by saying your account is compromised. No legitimate company would ask you to do this. If you receive a suspicious phone call from your bank, hang up and call the bank yourself. Don’t let curiosity get the better of you either: don’t open email attachments or follow links by email, Twitter or Facebook, even if they have been “forwarded” to you by a friend.

When to take action: If you already use your email as a password for an online account, change it. If you use your name, or an easy variation of your name as a password like JohnDoe123, change it. But do this on the company’s own website. Never do this if asked to by email.

What to do in the future: Use secondary, less important email addresses when registering online accounts. Keep one for this and others for businesses, friends and family. If a secondary account starts receiving spam, it will be easier to shut it down without too much inconvenience.

Wisniewski says, “Raising our level of caution when interacting with Facebook or the Internet is only going to improve our security overall. If you get an email from a company asking you to follow a link to get a dollar off a carton of milk, don’t follow it.”
