Earlier this month, email marketing provider Epsilon announced that their database was hacked. Millions of email addresses were exposed thanks to this breach, and in the following days and weeks many of the companies that used Epsilon’s services — everyone from national banks to big hotel chains to online retailers — sent out emails to their customers alerting them about the vulnerability.
What’s especially worrisome about Epsilon’s announcement is that it wasn’t only email addresses that were accessed. In some cases, names were also connected to these email addresses. With a name and an email address, there’s a high potential to be spear phished.
What’s spear phishing? It’s a phish that’s especially targeted to you. Instead of a mass email sent to everyone on a scammers list, a spear phish is targeted to you directly. It might address you by name, for example, or even look like it’s sent from a friend or family member. Phishes of this type can be especially tricky to identify, but by taking some extra precaution you can outsmart these Internet scammers.
Here’s what to look for:
Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepency, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.
Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt. You can always check out their claim safely by heading to your bank’s website and calling them or emailing them directly.
Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
Of course the absolute best thing you can do to protect yourself from phishing websites is to use OpenDNS. We block more than a half million phishing attempts each month for the people who use our services. Since not everyone is super tech savvy, make sure to set up OpenDNS for friends and family members who might not know how to do it themselves.
If you do come across a phishing email, submit the phony website to PhishTank. Sharing information with the PhishTank community helps quickly distribute phishing data across a number of services, and makes the Internet safer for all of us who use OpenDNS.