US email marketer Epsilon has been hacked and millions of names and email addresses have been stolen. You can’t laugh this one off, because it means the bad guys can now send you more convincing fake emails than ever before. Here’s how to keep your email safe.
That’s bad news because of the practice known as “phishing,” which sees criminals send you fake emails that look like they come from a bank or website and ask you to do things like log on and confirm your username and password or update your credit card number.
Phishing emails look real: the crims behind them pinch corporate logos and do their best to make them look legit.
Once they get you to enter your details into their fakes, they go straight to the real services. If you give them a credit card number, they go on a shopping spree.
Epsilon stored millions of email addresses for many companies, and some of its clients were Australian or operated here.
That means criminals now have lots of local names and email addresses they can load up to create more convincing phishing emails.
Long story short? It’s time to be a lot more careful when reading emails just in case criminals are using data sourced from Epsilon to send you phishing messages.
Here’s how you can fight back.
NEVER EVER respond to emails that ask you for your username and password or credit card details
Your bank or other online service provider will never ask you to send your username, password or credit card number by email.
So never send them. Okay?
If an email looks suspect, check the name of the sender
In the picture below, you’ll see an email sent to My Business by a footy tipping service. In Outlook, double-click on the “From” field (you can see it in the red oval). Doing so will produce the “E-mail properties” box (we’ve put it in a blue oval). If the “Display Name” and “E-Mail” address aren’t exactly what you would expect to see from a service provider, delete the email instantly.
Read email just a little bit more carefully
Phishers are evil geniuses, but are surprisingly bad at grammar. So read emails a little more carefully: if they don’t have the polish you’d expect, hit that Delete button. Fast.
Check the web address
If you click on the link in an email because you think it’s legit, it’s worth checking out the web address it sends you to because it’s often not the address you’d expect.
Let’s use the example of the Australian Government, whose main web address is www.gov.au. A phishing mail might direct you to an address that includes www.gov.au but also includes some other text. That’s a dead giveaway that you’re in dangerous waters. If your browser shows a series of numbers instead of text (see picture below), you’re probably in dangerous waters. Shut down your browser and run an antivirus scan immediately, as one of the other things phishers want to do is infect your computer with malware.
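The two warning signs above (an address that contains the expected name but belongs to a different host, and a host made of numbers) written out as a small Python check. This is an added example, not part of the original article; the function names, labels and sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_numeric_host(host):
    """True when the host is numbers rather than a name (IPv4, IPv6 or a bare integer)."""
    if host.replace(".", "").isdigit():
        return True
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify_link(url, expected="www.gov.au"):
    """Label a link 'expected', 'numeric-host', 'lookalike' or 'other'."""
    if "://" not in url:
        url = "http://" + url  # treat a schemeless link as a web link
    # hostname drops any "user@" prefix, so "www.gov.au@192.0.2.10" yields the IP
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    expected = expected.lower()
    if is_numeric_host(host):
        return "numeric-host"
    # Genuine: the host is exactly the expected name, or a subdomain of it.
    if host == expected or host.endswith("." + expected):
        return "expected"
    # The expected name appears somewhere in the address, but the host is something else.
    if expected in url.lower():
        return "lookalike"
    return "other"

# Constructed sample links, using reserved example domains and documentation IP ranges.
SAMPLES = [
    "https://www.gov.au/services",
    "https://www.gov.au.example.net/confirm",
    "https://example.net/www.gov.au/login",
    "http://www.gov.au@192.0.2.10/login",
    "http://192.0.2.10/update",
]

def classify_all(urls):
    """Map each link to its label."""
    return {u: classify_link(u) for u in urls}

if __name__ == "__main__":
    for url, label in classify_all(SAMPLES).items():
        print(f"{label:13} {url}")
```

Only the first sample link points at the expected host; the others either bury www.gov.au in a different host's address or replace the name with numbers.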
A last word: “spear phishing”
Another thing to watch out for is “spear phishing,” the practice of sending very targeted emails.
Most phishing is designed to appeal to lots of people.
Spear phishers aim their emails at a very small group of people. A recent attack on security firm RSA saw spear phishing emails arrive with an attachment about future recruitment plans. RSA workers were expecting an email of this sort and dropped their guard, but the resulting attack was devastating.
If you get an attachment from an unexpected source, delete it ASAP.