E-mail subscribers whose accounts were listed with dozens of companies hacked over the weekend should keep a watchful eye for scams. Even if you didn’t get a letter about your e-mail being involved in the recent breach, don't assume you're safe. These attacks can happen to anyone.
Don't click on any links from corporation e-mails, or e-mails from strangers. Open a fresh browser and go to the website by typing the address yourself.
"If you are suspicious of an e-mail, go directly to the website. Don’t follow the links," said McAfee spokesman Joris Evers. "There’s no time you should really be clicking. It could always be a scam."
Suspicious e-mails are those that ask you to log into an account to confirm something, such as an order you've made or delivery of a package. Hackers prey on your panic that if you don't sign in, something will get canceled or that your account as been hacked. Think before you click.
Don't call any phone number listed in an e-mail. Go to the company's website and find it yourself. Hackers will use a false phone number with actors to make the scam more believable.
Don't think you’re savvy enough to know the difference between the real and fake e-mails and websites. It can be very difficult to detect the differences -- and especially difficult to notice a scam if reading an e-mail or website from a smartphone. "It's too easy to spoof it," said Marian Merritt, Internet safety advocate with Norton. Security software that's kept up to date can help detect bogus websites.
Even be wary of fake copy-cat consumer alerts about the Epsilon e-mail breach. "You will see more consumer alert e-mails going out," Merritt said. "I have additional concerns that the regular spammers out there will craft fake alert e-mails."
Right now, hackers only have e-mail address lists. But it's good practice to keep passwords for e-mail accounts different and hard to crack. The e-mail account is the portal to access all of a user's online accounts, because anyone can reset a "forgotten" password using an e-mail account.
So far, the following e-mail newsletter lists were breached:
- Amazon.com's AbeBooks subsidiary
- Ameriprise Financial
- Barclays Bank, affects U.S. customers of Barclaycard
- Best Buy
- Capital One
- Customers of Citi's North American credit card businesses
- The College Board
- Ethan Allen Interiors
- Hilton Worldwide
- HSN (Home Shopping Network)
- JPMorgan Chase
- Marriott International
- McKinsey Quarterly magazine
- New York & Co.
- U.S. Bancorp
- Disney Destinations