The emails that we received over the last week alerting us to the huge breach by Epsilon tried to reassure us that our online accounts were safe.
Those emails attempted to reassure us that no identifying information, passwords or credit card information was stolen, but that doesn’t mean danger isn’t lurking.
Here’s what to do if your bank or credit card’s security systems were compromised.
1. Take it very seriously.
The stolen lists can be used to launch phishing attacks, by sending you emails that look and feel like familiar messages from your favorite retailer or bank. These phony emails contain hidden links that redirect you to a malicious site that captures your password, downloads malware or installs keyloggers, which let an outside website monitor your keystrokes to capture information.
Most of us don’t practice safe password practices, so access to one email/password combination can give the bad guys access to your other services, and the attacks may come weeks or months from now, long after the buzz about the breach has passed.
2. Change the email address you use for the compromised accounts.
This way, you can more readily trust the alerts and messages that you receive.
3. Change the passwords you use for the compromised accounts.
Take this as a chance to spring-clean your computer security practices and choose different, secure passwords for each account. A safe password includes letters, numbers and characters such as #,$, or !.
Add a reminder to your calendar to update your passwords every few months.
4. Practice safe clicking.
Don’t click on links in emails from the compromised accounts, instead directly type the site into your web browser.
5. Talk to your family.
Explain the breach and what the implications are so you’re all on the lookout. If you have an older relative who’s new to the ills of the Internet, share the news with them as well. And don’t forget your teens who may also be a little too trusting of an “official” email.
6. If you receive a phishing email…
Don’t reply to the message or click on the content. Notify the Federal Trade Commission by forwarding the email to spam@uce.gov
Keep in mind that the breach at Epsilon was the result of a targeted attack, using phishing techniques to compromise Epsilon employee computers and access the data. If it can happen to a professional data company, it can happen to you.
Roughly 50 companies had their data leak from Epilson; among them: US Bank, JPMorgan Chase, Capital One, Scottrade, Citi, Ameriprise Financial, Ritz-Carlton Rewards, Marriott Rewards, Hilton Honors, Brookstone, Walgreens, Disney Destinations, Best Buy and the Home Shopping Network. For a more complete list, visit http://www.databreaches.net/?p=17374.
