If you're a customer of Best Buy (BBY), Citigroup (C),
or any one of the 2,200 global brands that relies on email marketing
giant Epsilon, you may have received a rather alarming notice over the
weekend. Epsilon has reported a security breach that may have
compromised your email address and name.
While it may at first sound like the identity thieves walked away with
very little, the potential for damage can be great, say security
experts. For example, armed with your name, email address, and the name
of a company with whom you do business, identity thieves can send an
authentic-looking but bogus Best Buy email asking you to supply your
credit card information or other personal information. This can later
be used to pilfer your financial accounts.
What You Can Do
Here are some steps consumers can take when receiving an unsolicited email, according to Kristensen:
- Open a new browser and visit the website that supposedly
sent the email; check to see if it's promoting the same offer that has
been sent to you unsolicited;
- Mouse over the link contained in the email and look at
the lower left corner of the screen to see if the domain name matches
the company that is purportedly sending the email;
- If you must click on the link, once it's open it should
still show the same domain name. If it doesn't -- and it asks you for
financial information like a bank account number or social security
number, do not provide the information. If the opened link now has a
different domain name, although it's not requesting financial
information, the identity thief may have opted to infect your computer
with a virus instead.
- Best advice of all is to avoid clicking on links or opening attachments placed in unsolicited emails.
- And, finally, keep your security software updated.
Best Buy and McKinsey Quarterly, two Epsilon clients that were affected
by the email security breach, issued their own warnings to customers.
Best Buy says in its email:
