One of the essential things in computing is security. That seems obvious, but as recent (and not-so-recent) events suggest, it’s a lesson users get to relearn often.
Take the April 1 revelation — no fooling — that Epsilon, which bills itself as “the industry’s leading marketing services firm,” suffered a security breach.
An Epsilon statement said, “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk.”
The affected group, the company said three days later, “are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services.” That means you’re OK — unless you do email-related business with, among other firms, Target, BestBuy, the HSN cable channel, TiVo or Hilton Hotels’ HHonors program. According to media reports, at least three major banks also have notified their customers of possible breaches.
Now, in and of themselves, your name and email address are generally little more than a spammer’s dream: Ads for cut-rate “pharmaceuticals” of dubious origin and quality, bargain-basement imitation Rolex watches or “instant” MBA and doctorate degrees are the spam sender’s stock in trade.
However, more sophisticated criminals will try — and sometimes succeed — to convince you that they’ve sent a legitimate message from a firm with which you do business. The email will look genuine, right down to an image of the company’s logo, and it’ll offer a link that looks like the ones used by major firms to interact with customers. Once you get to what looks like a “login” screen or something else similar, you’re asked to supply all sorts of personal information: Passwords, account numbers, whatever. The most sophisticated of such schemes let you imagine you’ve actually logged on to your bank or credit card company, only to find you’ve really been duped.
On its own, your email address may not be worth much to an Internet thief. But with your email address, account login ID and password, that same thief can go to town.
What to do? Be careful, of course: If email looks suspicious, if it’s downright phony, avoid it. I received an email with some tips from Norton, a firm that makes Internet security software, and, frankly, those tips make sense.
The first tip: “Know the online policies of any provider you have an online account [with],” the firm advises. This also is true: “Banks, credit providers and other services will never ask you to confirm your personal details via an email.”
Compare the website address in the email with the actual Internet address of the firm where you’re a customer. “For example,” as the Norton statement said, “the website ‘MyGoodBank.com’ is not the same as ‘My.Gud.Banke.ru.us/net.’” In my experience, hovering the mouse pointer over a link will often pop up a window showing the real Web address, which often is as far removed from a genuine Web address as can be. The moral: Check links carefully.
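For readers who want to automate that link check, here is an added example (not from Norton or this column) that compares the address each link displays with the address it really points to. The trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"mygoodbank.com"}  # assumption: domains you really do business with
# Constructed sample message body, not a real email.
SAMPLE_EMAIL = """
<p>Confirm your details at <a href="http://My.Gud.Banke.ru.us/net">www.MyGoodBank.com</a></p>
<p><a href="https://www.mygoodbank.com/help">Help center</a> | <a href="https://mygoodbank.com.example.net/login">Log in</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased host of a URL or bare domain; '' if none can be parsed."""
    try:
        return (urlsplit(value if "//" in value else "//" + value).hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_trusted(host, trusted=TRUSTED):
    # Accept the domain itself or a true subdomain, never a look-alike prefix.
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_links(html, trusted=TRUSTED):
    """Return (visible text, real host, verdict) for every link in the message."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        real = host_of(href)
        if is_trusted(real, trusted):
            verdict = "ok"
        else:  # "disguised": the text shows a trusted name, the link goes elsewhere
            verdict = "disguised" if is_trusted(host_of(text), trusted) else "untrusted"
        results.append((text, real, verdict))
    return results
```

Running `check_links(SAMPLE_EMAIL)` flags the first link as disguised and the third as untrusted, even though the third begins with the bank's name.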
Also, Norton advises, look out for spelling and grammatical errors that suggest someone who isn’t a professional wrote the message. “Such traits are hallmarks of phishing emails,” the firm said.
It’s also a good idea not to just click on a link in an email, but retype it into your browser, the Norton statement advised.
The firm had a self-serving suggestion: Make sure your security and online identity protection software is up to date. That, too, is fair: The latest software, often available online or at retailers at discount prices, offers good but not foolproof protection.
I’d also toss in the idea that an identity theft-protection service such as LifeLock.com is worth investigating. Yes, the service costs a few dollars a month, but the peace of mind is well worth it.
You’ve read the following here before, but it demands repetition: You are the best protection for your private online information and identity. Don’t leave these areas to chance.