Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Ripple Effect From Epsilon Breach Hits The UK

Imperva : 11 April, 2011  (Technical Article)
With e-mail marketing company having significant numbers of clients in the UK, the effect of the Epsilon data breach is starting to be felt in the country with spear-phishing attacks

A week after Epsilon confirmed that it had detected an unauthorised entry into its email system, the ripple effect is starting to be felt here in the UK. In fact, this breach is shaping up to be one of the biggest this year, and possibly to date as more victims come out of the shallows!


Unsurprising as the online marketer has some of the biggest US and UK companies on its client list, across different vertical sectors, including Citigroup, JPMorgan, and Target in the US. So far, here in the UK, we’ve learnt that Marks & Spencer and Mothercare customers’ email records have been compromised but it’s still relatively early days.


As Epsilon sends out more than 40 billion email ads annually, there is a strong possibility that you may have received an email


There are some that have questioned that, as only the names and email addresses were compromised, what can a hacker actually do with such information?


Correlating the information in the different lists opens up the opportunity for ‘spear-phishing’ campaigns - emails that target specific individuals. To fool the recipient into believing they’re legitimate, they will contain personal details that only an individual familiar, or conducting business, with the victim should know. Theoretically a Mothercare customer, who regularly shops at M&S, could be attacked by the hacker. Having cross referenced the two lists,  the hacker can target them with an email, purporting to come from M&S, offering promotions on its baby-care items if the customer signs up for the service. The customer is deceived, clicks on the link to register and, as part of the process, is asked to provide additional information such as a credit card number. Hey presto - the hacker now has more than just an email address!


On Tuesday (April 5), Intuit – the makers of a US tax refund preparation software – warned its customers about similar phishing campaigns following the Epsilon hack. Interestingly, Intuit is not even an Epsilon client! However, due to the timing of the Epsilon hack, Intuit believes that hackers will initially use these lists to aim at US citizens scurrying to meet the April 15th tax rebate deadline.  Here in the UK, phishing emails purporting to be from HMRC are often circulating and, in fact, our research labs have shown that tax scams this year are on the rise.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo