|
Living with credit (456)
|
New, interesting products (102)
|
Research, regulation, industry reports (236)
|
Rewards (43)
|
Protecting yourself (170)
|
The fine print (76)
|
Credit card miscellany (381)
|
Celebrity Money Watch (5)
 Consumers, bank customers on alert following major email theft
The next email bearing my bank's logo could very well be from a hacker.
Earlier today, Chase sent an email warning of a major theft that could affect me and other bank customers. "Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send emails, that an unauthorized person outside Epsilon accessed files that included email addresses of some Chase customers," the email said.  Chase explained that although some customer email addresses were compromised in the breach, the stolen information "did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure." Based on news reports, Chase customers aren't the only ones who have been victimized. According to The Associated Press, financial-service companies such Capital One, Barclays Bank, U.S. Bancorp, Citigroup and Ameriprise Financial were also affected, as well as retailers including Best Buy, TiVo, Walgreen and Kroger. In total, the AP said millions of email addresses may have been stolen. That means plenty of us will need to be on guard when we open our inboxes. "The email addresses could be used to target spam. It's also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to log in in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account," the AP reported. Following the breach, victims could receive what appear to be bank emails but -- in fact -- are the work of clever fraudsters doing what's known as "phishing." These emails will indicate that consumers need to supply personal information, such as account or Social Security numbers. If you get such an email, don't panic, but do visit your bank's website. That's the place to log into your account -- rather than via a link provided on a phishy smelling email. See related: 10 ways to protect yourself from data breaches 
3 Comment(s)Leave a comment |
About
They're the pieces of plastic we love, and love to hate. Get the latest news, tips, research and more from the CreditCards.com staff.
Archives
All Blogs
Filter by: This month
TagsOther Voices and BlogsUseful LinksSubscribe to Taking Charge |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
 Secure SSL Technology |
|
|||||||||||
I was just listening to NPR's account of the data breach. They point out that the scammers can use the email addresses gathered in this fasion to create more-targeted phishing e-mails, ones that have a better chance of getting opened and clicked because they can make it appear to come from your bank.
I particularly liked the term for this type of targeted spam: spear-phishing.
Chase sent out emails to tell us that someone stole email addresses. That seems to be the dumbest thing I've ever heard of. How do you know if an email from Chase is from Chase? If my email address was stolen, perhaps the thief is sending an email purported to be from Chase. The one I got said "Click here to see this important message from Chase". I think not...
@ Col: These emails have been sent from a number of major companies warning about the breach and it has been reported in the news. Still, when it comes to individual emails, you are right to be cautious about clicking links on any questionable messages.