Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:22 PM
Dark Reading
Dark Reading
Products and Releases

Better Business Bureau Warns Of First Phishing Attacks In Wake Of Epsilon Breach

Banks, credit-card issuers warn of email breach

CHARLOTTE, N.C. -- It has only been a few days since millions of customers' email addresses were accessed in one of the largest data breaches in U.S. history, and now, the BBB is seeing one of the first email phishing scams to result from the information theft.

If you are a customer of one of the companies that had email data stolen, the BBB is warning you to be on the lookout for phishing emails. An email sent from a fake "Chase Bank," one of the companies whose data was compromised, warns that "your account will be deactivated or deleted if you do not update your profile immediately." The email instructs you to update your account by clicking on the link provided. "Although the email sounds urgent since it appears to be from your bank, do not click on the link and input your bank account number or social security number," said BBB President Tom Bartholomy. "With this information, a scammer can steal your identity in a matter of minutes." The BBB has advice to help protect you from identity theft and email phishing scams:

* Be careful about clicking on links or downloading attachments contained in emails. You could expose your computer to viruses, spyware and malware which can lead to identity theft. * Do not give personal or financial information to anyone who contacts you via email, even if they say they are from your bank, the IRS or a law enforcement agency. These businesses will not contact you via email; they will send you a letter. * Discuss phishing scams with all the members of your family who have email addresses. Young people are very computer savvy, but may not be scam savvy, and older adults are specifically targeted by scammers because they can be very trusting. * Watch out for grammatical mistakes in emails. Poor grammar or misspelled words are red flags that the email is probably a scam. * Keep your anti-virus software up-to-date and run it regularly.

For more information about phishing scams, please visit www.bbb.org.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
PUBLISHED: 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...