You may very well receive one or more valid e-mail messages from affected
vendors, informing you about the breach. You're even more likely to get mail
from a scammer warning that you need to log in and protect your data. Once you
log in on the scammer's fake site, your identity with that vendor is totally pwned.
This kind of social engineering attack, called phishing, happens all the
time. The Epsilon exploit just gave the scammers a new collection of suckers to
bait. Here are simple tips to avoid getting reeled in:

Don't click links in e-mail purportedly from your bank. If the
message warns of an account problem that needs your attention, launch your
browser and go directly to the bank's site.

If you're at all suspicious of a link in an e-mail message, point the
mouse at the link. Most e-mail clients will reveal the destination URL. A
link URL that doesn't match the link's stated destination is a red flag.

Pay attention to the URL in the browser's Address bar. Many phishing
sites don't even try to use believable URLs. Others use warped versions of the
true URL, perhaps PayPal.com or eBay.something.com. If the URL looks wrong,
leave the site and enter the real URL by hand.

Don't register your details. Yes, you can save time on some vendor
Web sites by registering with your credit card and other personal details. But
that puts your data at the mercy of any hacker who breaches the vendor's
security.