ESET dissects the anatomy of a phishing attack

By on April 6, 2011, 7:52 PM
Late last week, hackers gained access to millions of names and email addresses by breaching the security of a marketing giant called Epsilon. If that name doesn't ring a bell (it didn't for us), the company apparently provides an email marketing service to major financial institutions and retailers -- or as Randy Abrams of ESET so eloquently puts it: "Epsilon is the email machine these companies use to generate massive amounts of something that most people call spam."

Epsilon sends more than 40 billion emails a year for some 2,500 companies including JPMorgan Chase, Citibank, Best Buy, Target, and Walgreens. Although no particularly sensitive data was exposed, such an extensive contact list would be incredibly valuable to cybercriminals. Experts believe the compromised addresses will be targeted in phishing schemes among other frauds and companies affected by the breach have been warning customers to beware of suspicious emails.

In an effort to spread awareness, ESET has published a handy graphical explanation of how phishing attacks work along with pointers on keeping safe. The two biggest tips are: never give out your passwords and don't log into pages linked directly via email. Being the web-savvy folks you are, we don't think you'd fall prey to the woeful cries of a "Nigerian prince," but you probably know someone that would. You might want to pass this infographic on to those individuals:




User Comments: 3

Got something to say? Post a comment
Raswan Raswan said:

Got an email from BB the other day admitting that Epsilon had been hacked. Great,

Guest said:

The national college board's website and mail list had the same breech of security. Most likely not to cause much bank stealing, but it said only email addresses and public info were released.

Still, anyone who got an email should straighten out their security info ASAP.

gwailo247, TechSpot Chancellor, said:

My mom got a call last week asking for updated credit card information for an online account. I took the phone and I told the guy I'd be an ***** to give him a credit card number, asked for his phone number, which I'll verify, and then I'll call back. The guy refused. So I told him that now he really sounds like a scammer, a legitimate business would not have a problem with this. I asked for his supervisor. He finally gave me the phone number, which I did look up and verified as accurate.

Then I just had my mom update the account online, as her credit card did indeed expire, but I'm really surprised at businesses still have people calling asking for credit card numbers.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.