Although the phishing danger is most pronounced for banks and brokerages with retail-facing business, fallout from the attack affects everyone, especially for the following reasons:
Hackers captured email addresses, company names and full customer names. "This enables a much more effective fraud tactic called 'spear phishing,'" Edelen explains. "The fraudsters know that jdoe[at an email address] is John Doe who has an account with Citibank." With that much information, a phisher's message sounds far more convincing.
Phishers are producing better content. Phishing used to be easy to spot—badly designed email rife with grammatical errors, strange syntax and odd requests. But, reasons Edelen, "If the hackers that broke into Epsilon's database knew what they were stealing and are planning spear phishing attacks, then it's likely that fraudsters using this data are going to get more sophisticated in their approaches."
Repeated warnings have made customers leery of legitimate messages. "The affected Epsilon clients rushed to inform their subscribers of the breach and tell them to be suspicious of any email purported to come from them," Edelen notes. But that approach could work too well. For instance, a routine transactional email with a new call to action might—mistakenly—raise a red flag.