Spear Phishing Season Is Declared Open

With the Epsilon breach announcement of last Friday, it seems every merchant under the sun is notifying their customers of the expected onslaught of electronic mail messages asking for bank account and credit card numbers among other personally identifiable information (PII).  Just in the last two days, I have received at least a half a dozen messages informing me of this possibility.

The result of this breach is likely to be the best spear phishing attack we have seen to date.  These phishing attacks will likely be highly targeted since the people that took the information from Epsilon know not only your name and email address, but also the merchant that the email address belonged.  While Epsilon states that only names and email addresses were taken, I would also think that all sorts of demographic information necessary to make these attacks very focused was also obtained.  That will mean the percentage of people responding to them will likely be higher than usual because of the level of detail that the attacks will be able to rely upon for targeting.  As a result, a lot of credit card numbers will likely get exposed.

So let us be prepared.  Even though you send out messages to your potentially affected customer base warning them of this possibility, there will likely be a lot of your customers that will end up getting caught in whatever scams get dreamed up.  Therefore you probably need to get your legal counsel up to speed as Epsilon and your company will likely end up embroiled in lawsuits regardless of the amount of warnings you issued.


0 Responses to “Spear Phishing Season Is Declared Open”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Welcome to the PCI Guru blog. The PCI Guru reserves the right to censor comments as they see fit. Sales people beware! This is not a place to push your goods and services.

April 2011

%d bloggers like this: