DENVER (CBS4) – It’s always good advice — but it’s advice that’s even more appropriate now in the wake of the most recent security breach.
Those who get an e-mail from a financial institution or store asking to log into their account or give up personal information should beware. It may not have come from where they think.
Officials are warning that a data security breach involving the marketing firm Epsilon may have exposed the e-mail addresses of what could be millions of customers of major U.S. banks, hotels and stores. And because of that, it’s expected people might be tricked into giving up personal information.
Security experts say because the data breach may link individuals to businesses they actually patronize, bad guys might try to prompt people to give up passwords, Social Security numbers or other sensitive data. That, in turn, can lead to accounts being accessed — or cases of identity theft.
At least 50 brands, 2 percent of Epsilon’s clients, were affected. Those companies have been explaining the breach was limited to e-mail addresses. But experts say a lot of damage can still be done. They expect the cybercriminals, armed with company logos, will go spear phishing for sensitive data.
“This hacker is going to try to get their hands on it somehow,” Megan Miller with the Better Business Bureau of Denver/Boulder said.
It’s already started. An e-mail with the Chase logo is bogus. If the misspelling doesn’t give it away, the request to click a link to update an account should.
“I can tell by looking at this e-mail that it’s phishing e-mail but others may not be able to recognize it right away,” Miller said.
Those not sure an e-mail is legitimate should contact the company directly.
(TM and © Copyright 2011 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2010 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)