Monday, April 4, 2011

Gone Phishing - Protect Your Information From Fraud

In an honest endeavor to save money at your local supermarket, we'll call it "Kroger's," you join their membership program, where they give you money-off coupons based on what you purchase. But to enroll, you must first give them some information, including your email address. Okay, so far so good. And you've saved some money every time you bought groceries. Excellent!

Now, let's say you have a TiVo box on your TV so you can watch your programs on your schedule and zip past those pesky commercials. Another time-saving device. Oh goodie! But when you registered it, you had to include your email address.

And maybe you bought your TiVo box at Best Buy, and you joined their membership program so you could get points and save money every time you shop there. Another place to include your email address.

Ditto with your club purchases at Walgreens.

Now, let's say your prodigious child has just taken the SATs (scored nicely too, congratulations!), and you're rewarding the family with a trip on a Disney cruise! Fun for all!

And what if you have your bank account or a credit card with Capital One, Barclays Bank, U.S. Bank, JP Morgan, or Citigroup? Of course, they have your email address too!

Besides your business, what do you suppose these fine, upstanding companies all have in common?

They all use the same marketing company, Epsilon, to handle their email business with their clients. That would be you, along with millions of other people. With over 2,500 corporate clients, Epsilon sends out more than 20 billion (yes, with a "B") pieces of email per year to encourage you to do more business with those very same companies that you signed up with using your email account.

And then, on Friday, Epsilon said that its system had been breached, exposing email addresses and customer names, but no other personal information, to the hackers.

According to the report on CNBC, "It's also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to log in at a site that looks like the bank's site. Instead, the fraudulent site captures [your] login information and uses it to access the real account."

In simple terms, these are called “phishing expeditions,” and what this means is that your email address is in the hands of the bad guys and it could be used to send out spam, including requests for even more personal information, like your actual bank account numbers. 



Now, that data breach has the potential to make these phishing attacks more efficient, because the bad guys can target people who actually have an account with the bank, grocery store, etc.


WHAT YOU MUST DO TO PROTECT YOURSELF

Whenever you receive an email from your bank, grocery store, etc., and it asks you to log in to retrieve a new message, see important information, or whatever else it asks, DO NOT DO IT! This is a phishing expedition to gain access to your bank account number and password so the bad guys can clean you out. Yes, the email looks authentic; it's designed that way to lure you into believing it's genuine. IT'S NOT!

Your bank would never ask you to log in via an email. Legitimate messages from your bank will direct you to go to their website and log in from there, just like you normally do to pay your bills and manage your account.

HOW ELSE CAN YOU PROTECT YOURSELF?

If you have your email information with one of these companies, immediately change your password. This will instantaneously invalidate the information the bad guys have about you.

And, of course, if you read my earlier blog about how to protect yourself from identity theft, you'd know how to protect yourself by choosing smarter passwords. But in case you didn’t see it, here it is again: “ARE YOU INVITING IDENTITY THEFT? PROBABLY…”

HELP THE BANKS HELP YOU
If you receive one of the fraudulent emails, you can actually help the bank catch the bad guys. You'll need to forward the phishing email you received to their spam department. Every bank has one; it's listed on their website and you shouldn't have to log in to access it. It's often found in the "contact us" or "customer service" section.


OTHER USEFUL INFORMATION
The following is information I received from Ameriprise, another one of the companies whose database was stolen. They sent me an email advising me of the breach, and included this useful information that I'm passing along to you:

  • Don't email personal or financial information. Regular email is not a secure method of transmitting personal information. Some companies offer a secure email service that you can use when you need to exchange sensitive information.
  • Don't reply to or click on links in email or pop-up messages that ask for personal information. Legitimate companies will not attempt to collect personal information outside of a secure website. If you are concerned about your account, contact the organization mentioned in the email or pop-up.
  • Use anti-virus and anti-spyware software and a firewall. Some phishing emails contain software, such as spyware, that harms your computer or tracks your activities on the Internet. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files.
  • Use caution when opening attachments or downloading files from email. These files can contain viruses or other software that can weaken your computer's security.

UPDATE
As of 4:00 PM (PDT) today, here's the list of companies whose databases have been stolen. If you have now, or had in the past, any dealings with any of these companies, and they have your email address, as I indicated above, change that email address immediately. This is a good way to protect your account with that firm.



- AbeBooks
- Ameriprise Financial
- Barclays Bank of Delaware
- Best Buy
- Brookstone
- Capital One Financial
- Citigroup
- The College Board
- Disney Destinations
- Home Shopping Network
- JPMorgan Chase
- Kroger
- L.L. Bean
- Marriott Rewards
- McKinsey & Company
- New York & Company
- Ritz-Carlton Rewards
- TiVo
- U.S. Bank
- Walgreens


I hope this information has been useful, especially if you're on the list the bad guys have. Just remember, "When in doubt, opt out and do nothing." You'll be safer with this in mind.



This information is for guideline purposes only with no guarantee of the results.
Photos courtesy of Annburdigestudio.com,  hoaxslayer.com, thetechherald.com, unk.edu

3 comments:

  1. I found this article useful.

    Thanks Beryn

  2. Thanks for the valuable information on the phishing mail attempts. I will be sure to spread the information as well.
