The next email bearing my bank’s logo could very well be from a hacker.
Earlier today, Chase sent an email warning of a major theft that could affect me and other bank customers. “Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send emails, that an unauthorized person outside Epsilon accessed files that included email addresses of some Chase customers,” the email said.
Chase explained that although some customer email addresses were compromised in the breach, the stolen information “did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure.”
Based on news reports, Chase customers aren’t the only ones who have been victimized. According to The Associated Press, financial-service companies such Capital One, Barclays Bank, U.S. Bancorp, Citigroup and Ameriprise Financial were also affected, as well as retailers including Best Buy, TiVo, Walgreen and Kroger. In total, the AP said millions of email addresses may have been stolen.
That means plenty of us will need to be on guard when we open our inboxes.
“The email addresses could be used to target spam. It’s also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to log in in at a site that looks like the bank’s site. Instead, the fraudulent site captures their login information and uses it to access the real account,” the AP reported.
Following the breach, victims could receive what appear to be bank emails but — in fact — are the work of clever fraudsters doing what’s known as “phishing.” These emails will indicate that consumers need to supply personal information, such as account or Social Security numbers.
If you get such an email, don’t panic, but do visit your bank’s website. That’s the place to log into your account — rather than via a link provided on a phishy smelling email.
See related: 10 ways to protect yourself from data breaches