ESET dissects the anatomy of a phishing attack
By Matthew DeCarlo
Late last week, hackers gained access to millions of names and email addresses by breaching the security of a marketing giant called Epsilon. If that name doesn't ring a bell (it didn't for us), the company apparently provides an email marketing service to major financial institutions and retailers – or as Randy Abrams of ESET so eloquently puts it: "Epsilon is the email machine these companies use to generate massive amounts of something that most people call spam."
Epsilon sends more than 40 billion emails a year for some 2,500 companies including JPMorgan Chase, Citibank, Best Buy, Target, and Walgreens. Although no particularly sensitive data was exposed, such an extensive contact list would be incredibly valuable to cybercriminals. Experts believe the compromised addresses will be targeted in phishing schemes, among other frauds, and companies affected by the breach have been warning customers to beware of suspicious emails.
In an effort to spread awareness, ESET has published a handy graphical explanation of how phishing attacks work along with pointers on keeping safe. The two biggest tips are: never give out your passwords and don't log into pages linked directly via email. Being the web-savvy folks you are, we don't think you'd fall prey to the woeful cries of a "Nigerian prince," but you probably know someone who would. You might want to pass this infographic on to those individuals: