by Keith Richardson
According to some sources I’ve been reading lately, while folks under 55 may be using web-based email less, we seniors are using it more. The younger-uns are turning increasingly to Facebook and Twitter and texting to keep in touch.
Regardless, many emailers were shocked last month by the headline “Epsilon Falls To Spear-Phishing Attack.” Many of you will instantly understand “spear-phishing attack” but may not have been familiar with Epsilon. For those to whom phishing (pronounced ‘fishing’) is a new term, here’s Webopedia’s brief definition:
“The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.”
Further, according to SearchSecurity.com, “Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. [With] spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority.”
So how does all of this concern us? Well, in April, “Epsilon, the world’s largest email service provider … put the customers of at least 50 major companies at risk from targeted phishing attacks, aka spear phishing, which use fake yet personalized emails to trick people into disclosing personal information, including passwords and financial details.
In an ironic twist for a company entrusted with sending an estimated 40 billion emails per year, the Epsilon breach apparently stemmed from the company’s having been spear phished itself.” Moreover, Epsilon had been warned of its vulnerability by one of its business partners, which (to test Epsilon’s and others’ security systems) had been targeting email service providers (ESPs) like Epsilon via spear phishing attacks last fall and earlier.
Among the companies that Epsilon serves are Abe Books, Best Buy Canada, and AIR MILES, which explains why I (and perhaps you) received this notice from AIR MILES on April 4: Subject Line: “An important email security update for AIR MILES Collectors.”
According to Epsilon, attackers stole only 2% of its customer data. But given that the company provides email marketing services for more than 2,500 companies, and, by some estimates, stores 250 million emails, that’s a sizeable breach.
Until next time,
Keith Richardson
www.macseniors.ca
604.777.9365