Epsilon, a company entrusted with large amounts of personal information on customers for all sorts of businesses was recently forced to notify large numbers of customers of a potential data breach. Best Buy, Marriott International and Scottrade are just a few of the big names who relied on Epsilon to store e-mail addresses, personal names, marital status and other personal information. While much of this information may be public in some form, the breach itself puts linked personal information in the hands of people who have ways of using it against you.
You've probably been told time and time again to be careful of people soliciting you for information via e-mail. Occasionally you might even see such e-mails hit your inbox - maybe an e-mail that appears to be from a bank where you don't have an account asking for you to change your account password. The information gained from this recent leak allows spammers to target those informations to you using personal information to try to trick you into giving up something covetted like a bank account or credit card number. This practice is known as spear-phishing.
Spear-phishing can be an effective way for spammers to try to pull information out of you. Maybe you get an email that appears to be from Best Buy asking you to update your rewards account information and it even contains your phone number and home address. Or perhaps you get one that appears to be from Marriott International about booking a free reward stay. While the e-mails may look legitimate and may even have the right return e-mail address, the links in these e-mails could be fradulent and direct you elsewhere in a way that may make it hard to identify you aren't even on the site you think you are. As a general rule of thumb - never trust links to company websites in an e-mail. If a company wants you to update information, open a web browser and go to their site on your own. Don't rely on the link provided to take you where you expect it to. When signing in to a webpage, always check the SSL certificate for the site. This can also reduce the likelihood of giving personal information to the wrong person. And lastly, install tools like ad-block, ghostery, noscript or similar web browser add-ons to help prevent attacks.
The best defense is a good offense. Actively opt-out of e-mail databases when you create logins, remove your personal information from the web and lock down your social accounts to prevent your data from being collected. Read privacy policies when signing up for services and online accounts. The less information you make available, the less will be available. Don't be afraid to say no to sharing.
How simpleroute Can Help
Through software, there are ways to prevent phishing and other attacks. Postini filtering in conjunction with Google Apps for Business or GFI MailSecurity can do wonders in preventing these e-mails from reaching your inbox in the first place. If you are looking for ways to cut down on spear-phishing, spam or other incoming threats, contact us to see how we can protect you.