There has been a massive data breach of an email company that handles the marketing campaigns for major financial institutions, credit card companies, vacation programs and hotels. Experts are predicting we’ll see a wave of so-called “spear phishing” attacks as cybercriminals leverage the database of email addresses and private information to trick consumers. I also predict cybercriminals will mimic the authentic notification letters currently being sent to affected consumers to further trick us.
Over the weekend I received three such notification letters: one from a bank I’d forgotten we’d had a loan from, another from a hotel loyalty program and a third from a vacation planning company. And I’m sure consumers who have received these letters either thought them to be clever spam efforts (as was my initial response) or will un-learn an important internet safety best practice and start clicking on links in unexpected emails. Please don’t do that. If you suspect you’ve received an email from your actual institution related to this data breach, contact them via their regular website address and type it in yourself. You should even be suspicious of the telephone numbers listed in the email as cybercriminals have used “vishing” – phishing attacks where you are instructed to dial a special phone number. You should be able to find authentic consumer information related to the issue at the company’s website, including customer service telephone numbers.
For more information on the breach and a list of known brands that were involved, please read Brian Krebs’ article here.