Cyber thieves have been running rampant over the past few weeks, and if you regularly shop online, bank online or play games, you might have received an email alerting you that your data may have been compromised. The recent rash of attacks goes to show that we need to be vigilant to be sure our money is protected because even the biggest of companies are vulnerable.
What did the thieves do? They stole personal data you gave to some huge companies. They took credit card information you gave to Sony in two separate massive attacks — including one on the company's online games network announced this week. And they took user information from those using Skype.
The Kick-off Threat
This burst of thefts started with a break-in to the computers at Epsilon, a marketing company that sends promotional emails on behalf of some of the best known companies in the country: Bank of America, Chase, Citi, Hilton, Best Buy, Target, TiVo, Brookstone and Walgreens.
- What did they get? Names and email addresses.
- The risk: Phishing attacks that are harder to see through because the crooks know who you do business with and can address the emails to you personally.
Going After Gamers
Then Sony revealed that the account information of tens of million of its users, including their credit cards, was stolen. This was one of the largest data thefts ever, and the potential danger for anyone signed up for their service is extreme.
- What did they get? All personal identifying information about users, including names, home addresses and phone numbers and, most frightening of all, credit card numbers. The second theft, announced on Monday, which targeted the Sony Online Entertainment customers appears to have compromised all user information except for the card numbers.
- The risk: Outright theft by credit card fraud or additional highly targeted phishing attacks known as "spear phishing" because the user has so much personal information about the target.
Careful With Calling
With Skype it's not clear what the thieves got because the company says the exposure of user information due to problems with the company's Android app are not at the root of a recent scam revealed by TheConsumerChronicle.com.
- What did they get? This is still not clear, but stay tuned for more information as it is released.
- The risk: Calls placed to Skype users that announce your system is infected and you need to go to a specific website that will direct you to buy malware removal tools.
What You Can Do
All these thefts paint a scary picture, but there are steps you can take to avoid phishing attacks and to ensure you minimize your exposure to fraud:
- Do not send your personal information in response to an email, even if it appears to be coming from a company you do business with
- Beware of links in emails and do not input your personal information if requested on the pages that open from those links (if you do click)
- Note the URL that an email link is going to take you to by pointing your mouse over the link (that will quite often reveal that you're going to a spoof site)
- If you have a question about the validity of a communication from a company you do business with, call a known phone number (such as the one on the back of your credit card) and not a number or email contact that is sent to you
- Monitor your credit card charges and immediately report any usage that is not yours (you are not responsible for fraudulent charges that are promptly reported)
- Check your credit report every few months to ensure someone is not opening credit in your name. You are entitled to a free report once a year from each of the big three credit reporting agencies from this site they have set up.
Do you have a question about data breaches, your online safety or another consumer protection matter? Mitch Lipka may be able to help. Click here to email a question.