The emails started coming on Sunday evening. It was from Ameriprise which is an insurer we no longer use. The next day emails from five additional companies arrived all with the same message.
Epsilon, their third party marketing services vendor, had experienced a security breach and names and email addresses were stolen of some customers. The companies were all quick to explain that account information was not compromised. It must have satisfied most people because I never heard anyone talking about it at the proverbial water cooler this week.
Why You Should be Concerned
There are two ways the data thieves could use your information. Most commonly talked about is for phishing.
Phishing emails appear to be from the company you do business with, but emails “fishing” for your private data. The goal is to get you to give out sensitive information such as your social security number or credit card information by having you enter it in a look-alike website.
The thieves could also pose as you at the company’s website and submit a lost password request. Most companies will no longer show passwords on screen and only send them via email or text message.
What You Can Do
There are numerous steps you can take to protect yourself. The first is to use another email account for the companies that indicated your email account was compromised. Or if you no longer do business with that company, remove yourself from their mailing list. By removing myself from the company’s list, it would be highly suspicious when I get an email. Other ideas include:
1. Don’t use your email address as a login for accounts. Create a separate login name. Unfortunately too many websites still use email without another option.
2. Don’t provide your online user ID or password in email to anyone. The company will never send you an email asking you to verify it via email.
3. Don’t respond to emails requesting personal information be entered directly into the email or a URL. Companies will not close your account because you didn’t click on a URL to enter personal information. If you think an email is valid but are not sure, go to the website directly, not from an emailed URL, and login to your account.
Fighting cyber-crime will be an ongoing process for companies and consumers. Be vigilant and practice habits that protect your information. What other advice should Epsilon victims heed?