This week consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton HHonors and others, letting them know that their e-mail addresses have been exposed due to the recent Epsilon data breach. I’ve already received 4 from big companies. This provides a perfect opportunity for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords. Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing or spear phishing ones.

Be suspicious of emails that look like “notifications” of the breach. Scammers will send out an email that looks like it came from a retailer or hotel chain and try to get you to log in to update your account. Once they have your password, they will likely use it to compromise other accounts that pair the same password with that email address.

Generally, when a credit card is compromised, a new number and card are issued, making the breach a forgotten inconvenience. However, when a Social Security number is breached, the victim can feel the effects for decades. Email addresses fall in the middle because consumers have the ability to change them, but often weigh the pros and cons and keep them for convenience's sake. This is what makes getting phished more likely.

McAfee Labs believes scammers will probably wait until they figure out how best to turn their scams into money, and may wait until the news cycle dies down. That’s why it is important for consumers to stay vigilant for a period of time, really for the entire time you possess a hacked email address.

Here are some tips for consumers to stay safe:

– Consider ditching your compromised address and starting new.

– Now is a good time to change all your passwords to different passwords. No two accounts should share the same password.

– Be aware that companies will never ask you for credit card information or other personal information in email. If you are being asked to provide that information, it’s a scam.

– If you are suspicious of an email, go directly to the Web site of the company that purportedly sent it and don’t follow links in the email, as those may be fraudulent. Call the company’s number listed on its Web site, not the number in the email, as that may be a fake.

– Consider unsubscribing from email communications and re-subscribing using a new email address for commercial communications. That way you know that messages that land in that new inbox are more likely to be genuine, as the new address wasn’t part of the breach.

– Use the latest security software, including Web security features, to protect you from going to malicious Web sites such as phishing sites.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing the Epsilon breach for McAfee on Fox News. (Disclosures)
