also @ TechSpot: Microsoft Surface RT drops to $199... for schools and colleges

ESET dissects the anatomy of a phishing attack

By

On April 6, 2011, 7:52 PM

es
Late last week, hackers gained access to millions of names and email addresses by breaching the security of a marketing giant called Epsilon. If that name doesn't ring a bell (it didn't for us), the company apparently provides an email marketing service to major financial institutions and retailers -- or as Randy Abrams of ESET so eloquently puts it: "Epsilon is the email machine these companies use to generate massive amounts of something that most people call spam."

Epsilon sends more than 40 billion emails a year for some 2,500 companies including JPMorgan Chase, Citibank, Best Buy, Target, and Walgreens. Although no particularly sensitive data was exposed, such an extensive contact list would be incredibly valuable to cybercriminals. Experts believe the compromised addresses will be targeted in phishing schemes among other frauds and companies affected by the breach have been warning customers to beware of suspicious emails.

In an effort to spread awareness, ESET has published a handy graphical explanation of how phishing attacks work along with pointers on keeping safe. The two biggest tips are: never give out your passwords and don't log into pages linked directly via email. Being the web-savvy folks you are, we don't think you'd fall prey to the woeful cries of a "Nigerian prince," but you probably know someone that would. You might want to pass this infographic on to those individuals:

3 comments

User Comments: 3

Got something to say? Post a comment
  1. April 6, 2011 8:13 PM
    Raswan
    Raswan said:

    Got an email from BB the other day admitting that Epsilon had been hacked. Great,

    Reply
  2. April 6, 2011 8:52 PM
    Guest said:

    The national college board's website and mail list had the same breech of security. Most likely not to cause much bank stealing, but it said only email addresses and public info were released.

    Still, anyone who got an email should straighten out their security info ASAP.

    Reply
  3. April 6, 2011 9:27 PM
    gwailo247, TechSpot Chancellor, said:

    My mom got a call last week asking for updated credit card information for an online account. I took the phone and I told the guy I'd be an ***** to give him a credit card number, asked for his phone number, which I'll verify, and then I'll call back. The guy refused. So I told him that now he really sounds like a scammer, a legitimate business would not have a problem with this. I asked for his supervisor. He finally gave me the phone number, which I did look up and verified as accurate.

    Then I just had my mom update the account online, as her credit card did indeed expire, but I'm really surprised at businesses still have people calling asking for credit card numbers.

    Reply

Recently commented stories

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Downloads and Drivers

Downloads   Drivers  

Snapchat 2.1.0

Light Alloy 4.7.0

Speccy 1.21.491

Tweak-SSD 1.0.20

EZ CD Audio Converter 1.2.2

More Downloads

From the Forums

Home page change 6 replies on Virus and Malware Removal

Recently i had ZeroAccess attack me 45 replies on Virus and Malware Removal

Win64/Patched.A removal-need help 15 replies on Virus and Malware Removal

Weird internet activity 40 replies on Virus and Malware Removal

Adobe air fake update - please help! 15 replies on Virus and Malware Removal

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.