• The Four Hundred
  • ‘Spear Phishing’ Season to Follow Epsilon Data Breach

    April 5, 2011 Alex Woodie

    It won’t be as easy as shooting fish in a barrel. But thanks to a major data breach involving millions of email addresses held by third-party marketing company Epsilon, cyber criminals will get a leg up on their targeted email phishing campaigns, an activity security experts call “spear phishing,” just in time for the summer season.

    On April Fool’s Day, Epsilon posted a not-so-funny notice on its website informing the world that it had been hacked the day before, and that it lost some of the names and email addresses that it stores on behalf of its customers.

    This is a big deal, because Epsilon is one of the world’s biggest high-tech marketing consultancies. The Dallas, Texas-based company, which is owned by the publicly traded Alliance Data Company, bills itself as the “world’s largest permission-based email marketing provider.” In that capacity, it sends 40 billion emails per year on behalf of its clients, which include seven of the 10 biggest companies in the world, and about 2,500 smaller fry.

    Affected Epsilon customers immediately started issuing warnings to their customers, which is now a legal requirement for large data breaches. The exact scope of the breach hasn’t been disclosed, but by all accounts it’s massive; some security firms are calling it possibly the biggest breach ever.

    Customers of the following companies have received notices that their names and email addresses were accessed by the Epsilon hackers: Ameriprise Financial, Barclays Bank, Best Buy, Brookstone, CapitalOne, Citibank, Disney, Home Shopping Network, JPMorgan Chase, Kroger, L.L. Bean, Marriott, McKinsey & Company, New York & Company, Ritz Carlton, TiVo, US Bancorp, and Walgreens. (For what it’s worth, there are at least a couple of IBM i shops in this list.)

    The compromised information consists primarily of names and email addresses of customers. The hackers, for the most part, did not get access to more sensitive information. This is not a repeat of the 2007 incident where TJ Maxx lost 46 million credit and debit card numbers to a “drive by” hacker snooping on open networks.

    While there was no compromise of what most people would call personally identifiable information (PII), the email addresses managed by Epsilon were especially valuable, because of the “permission-based” part, which means the owners of the email addresses had given companies their permission to email them.

    This gives cyber criminals an advantage, according to security researchers at Rapid7, a developer of vulnerability management and penetration testing software and services. “Hackers will now have more details on their victims, and the fact that attackers will now know information about who people trust to send them email is a big deal,” says HD Moore, the CSO of Rapid7 and the founder of Metasploit.

    Attackers will be able to set up precise “spear-phishing” campaigns as a result of the hack, Moore says. “These are more targeted attacks using information on the target’s behavior, such as where they shop, where they work, or what bank they use,” he says. “Based on the additional information, hackers can craft phishing emails with malicious content that are more likely to be opened, downloaded, or clicked on.”

    Considering the scope of this breach and the brands involved, consumers may want to think carefully before clicking on an email from their favorite bank, retailer, or hotel that has an amazingly good offer. Like your mom said, if it sounds too good to be true, it probably is.




Volume 11, Number 12 -- April 5, 2011
Copyright © 2023 IT Jungle