If you haven't yet received an email about this from your local retailer, drug store or bank, you will soon.
Customers of about 50 companies, from banks to retailers and hotels, had their names or email addresses exposed when the hacker attacked and obtained e-mail addresses and the names associated with those addresses.
In what could be one of the biggest attacks in U.S. history, hackers stole millions of emails from Epsilon, a US-based online marketing company, and are sending genuine-looking emails to customers.
Besides the US companies affected by this attack, the UK's leading retailer Marks & Spencer and DELL Australia have also admitted that their customers' information was stolen.
You need to watch out for scam emails if you are a customer of any of these popular companies:
• US Bank
• JPMorgan Chase
• Capital One
• Home Shopping Network (HSN) (added 4/3 @10:22am)
• Ameriprise Financial
• LL Bean Visa Card
• Hilton Honors Program
• Fred Meyer
• Beachbody (Makers of TRX)
• TD Ameritrade
• Ethan Allen
• Eileen Fisher
• McKinsey & Company
• Ritz-Carlton Rewards
• Marriott Rewards
WHAT TO DO?
There are a few things you can do. They include:
* Knowledge is power. The first, of course, is knowing that this has occurred (and will likely occur again in many forms). Prior to this incident you should have been on your guard regarding any commercial e-mail message. This event should underscore that you have to take such messages with a large grain of salt.
* Examine the pitch. Financial institutions, government agencies, and legitimate businesses never, ever send e-mail messages demanding that you update your personal information and provide such sensitive information as a bank account number, PIN, and social security number. If you receive such a demand, it’s a scam.
* Check the link. More often than not, such messages include a Website link. In Apple’s Mail, hover your cursor over such links and wait for the yellow tooltips window to appear. Take a look at the address in this window rather than the one printed in the link. Does it lead you to the Website it purports to or are you being directed to something that sounds legit, but on closer examination clearly isn’t?
* Don’t click the link. Scammers can be a clever lot and can fashion messages and links that look very convincing. Do not click links in these messages. Instead, if you’re concerned, launch your Web browser and go directly to the Website of the company you believe has contacted you (typing in the address yourself rather than pasting in a link). Check your account information. Do you see any notices there that confirm the e-mail message you’ve received? Probably not, but if so, give the company a call and speak to a representative.
* Check the IP address. Return addresses for these messages are routinely forged, so don’t trust the legitimacy of a message based on the sender’s address. You may, however, be able to clear up some confusion by checking the sender’s IP address. To do that in Apple’s Mail, select the questionable message and choose View -> Message -> Long Headers. You want to look at the entries that appear after Received–specifically those entries in the form of [123.45.678.000] farthest down the list. Such entries indicate the IP address where the message originated. (Ignore any addresses that start with 192.168 or 10.0 as these are IP addresses used on a local network.) Having found one of these addresses, go somewhere like Geobytes’ IP Address Locator, enter the address in the IP Address To Locate field, and click Submit. Below you’ll find the region location for the address. If you see a location in Asia or the Pacific, you’ve been contacted by a scammer.
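The "Check the IP address" step above, as an added example that is not part of the original article: it reads the Received headers of a raw message and returns the bottom-most address that is not a local one. The sample headers are constructed, the function names are illustrative, and the local ranges go slightly beyond the two the article mentions by also covering 172.16.0.0/12 and loopback.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers; addresses come from reserved documentation ranges.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Mon, 4 Apr 2011 10:00:02 -0400
Received: from relay.local ([192.168.1.20])
\tby mx.example.net with ESMTP; Mon, 4 Apr 2011 10:00:01 -0400
Received: from unknown ([203.0.113.45])
\tby relay.local with SMTP; Mon, 4 Apr 2011 10:00:00 -0400
From: "Your Bank" <service@bank.example>
Subject: Please update your account

Body text.
"""

# Ranges used on local networks (RFC 1918) plus loopback.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return (ip, is_local) for each bracketed IPv4 address, top header first."""
    msg = message_from_string(raw)
    chain = []
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # looks like an address but is not a valid one
                continue
            chain.append((str(ip), any(ip in net for net in LOCAL_NETS)))
    return chain


def claimed_origin(raw):
    """Bottom-most non-local address: where the headers say the message started."""
    public = [ip for ip, is_local in received_chain(raw) if not is_local]
    return public[-1] if public else None
```

Only the Received lines added by your own mail provider can be relied on; the lines below them are supplied by the sending side and can be forged just like the return address.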
Some tips that should cut down your risk.
* Don’t be fooled by fake login screens: If you’re already signed into Twitter, Facebook, or your email, you won’t be asked to sign in again unless you’ve logged out. Even if the screen looks like the normal login, it probably isn’t.
* Don’t be fooled by emails: I’ve been asked to reply to my “banking institution” with my account login information before. The email is formatted to look legit, but if you check the sender’s address, most likely it’s from a third-party account like Gmail, Yahoo, or MSN. Be diligent and never reply to emails with your bank logins or passwords and always check where they are coming from first! When in doubt, call instead.
* Reset your passwords often: Too often, people have some pretty lame passwords, which allow their accounts to get hacked even without a phishing scam. Make sure your passwords are tough to guess, and try to change them every few months.
* Get some password help: There are sites out there that can help you choose a hacker-proof password, but just don’t go writing it down in an easy-to-find place soon after you settle on one!
* Never forget your password again: You can use a device like Roboform to store your passwords digitally, then all you have to do is insert it into your computer’s USB port for access. Just keep that sucker under lock and key!
* Scammers aren’t afraid to call you: As if I need to tell you this, but giving away your passwords, login information, or social security number to a call that was unsolicited by you (meaning they called you, not the other way around) is asking for trouble. If you are asked to give your info out to a person who contacted you, get their name and/or employee ID number and call them back through the main 1-800 line, just to be safe.