You got one (or more) email notifications saying that attackers have captured your email addresses.
Lots of noise and chatter floating around about this one, but this certainly isn’t anything new. A few measures of caution and you shouldn’t have anything to worry about. Everyone is expecting a fairly huge phishing/malware campaign though, so be at the ready for a ton of spam, clickjacking and other “click my link” type of attacks.
- Places that you’ve asked for newsletters from, or signed up with for mail, will name you directly, not say “Dear User” or “Dear Customer”, or even “Dear <your email>”
- These places will never obfuscate their links with tinyurl or t.co or any other URL shortener
- If you’re unsure about the URL they want you to click (be it Twitter, or Gmail or your bank) manually enter the root domain and navigate yourself – e.g. if you get a phish for gmail.com?owned=yes&gimme=yourmoney and it looks suspect, go to ‘gmail.com’ by hand and see what happens.
- If you do see messages like that, be sure to report them to the institutions that are being spoofed, send them a copy, and then mark it as spam.
- Places don’t ever ‘lose’ your information and ask you for it again. No place ever asks you to ‘update’ your account info.
- For Facebook clickjacking attacks – hover your cursor over the video/link/whatever. If the URL ISN’T Facebook, 100% chance it’s bogus. If it *IS* Facebook, copy the URL and paste it into Google – see if you get any results like “this has been reported for malware”.
- Be smart – with as much spam and as many malware links as we’re expecting – don’t share really stupid crap on Facebook and Twitter – you’re gonna get marked as spam
That’s it! Just a bit of common sense and caution.
Now move along smartly!
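The greeting and link checks from the list above, automated as an added example (not part of the original post). The shortener list, the sample message and the *.example domains are constructed assumptions; the check treats a link as legitimate only when its host is the expected root domain or a subdomain of it.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed, non-exhaustive shortener list for illustration.
SHORTENERS = {"tinyurl.com", "t.co", "bit.ly"}
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(user|customer|member|\S+@\S+)", re.I | re.M)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message; all addresses and domains are placeholders.
SAMPLE = """\
From: "Example Bank" <alerts@bank.example>
To: you@mail.example
Subject: Please update your account

Dear Customer,

We lost your details. Update them here:
http://bank.example.account-verify.example/login
or here: http://tinyurl.com/abc123

Your statement: https://www.bank.example/statements
"""

def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    """Return warnings for one raw, single-part plain-text message."""
    body = message_from_string(raw).get_payload()
    warnings = []
    if GENERIC_GREETING.search(body):
        warnings.append("generic greeting")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if any(host_matches(host, s) for s in SHORTENERS):
            warnings.append(f"shortened link: {host}")
        elif not host_matches(host, expected_domain):
            # Catches look-alikes that merely start with the real name.
            warnings.append(f"link leaves {expected_domain}: {host}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE, "bank.example"):
        print("WARNING:", w)
```

Comparing the host from its right-hand end is the point: a substring test would accept the first link because it begins with the real name.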
My Gmail account is sending out fake emails from my name. It started around the same couple of days that Epsilon got hacked. I have tried to change my password and checked for viruses… no luck. My contacts are still getting spam from me. Do you think it’s related? And how do I make it stop?
Thanks for the info Dan. Greatly appreciated.
There’s a good article on CNET titled “Who is Epsilon and why does it have my data?” http://news.cnet.com/8301-27080_3-20051038-245.html?tag=mncol and a list of breached orgs on databreaches.net titled “And the hits just keep on coming for Epsilon” http://www.databreaches.net/?p=17374 .
-Anthony.
Are you sure it’s your account? Check your sent mailbox.
Also, change all your passwords.
I’d start there.
Next, have your contacts view the mail headers on the messages they’re getting – there’s a high probability that it’s not actually your account sending them, but some spammer using your email address as a ‘from’ address on spam messages.