Since this is likely to affect a large number of people, thought I'd post something for those who don't spend the day surfing nerd news.

Last week a company named Epsilon that handles email communications for a number of large corporations was hacked and their database of email addresses was stolen. It is expected that those emails will be heavily targeted by phishing scams -- emails pretending to be from a legitimate corporation asking you to "confirm" information like account numbers, passwords, etc. -- and already many people are reporting a substantial increase in spam to those addresses.

Among the (over 2,500) clients of Epsilon are Citigroup, Capital One, JP Morgan Chase, Best Buy, and Home Depot. If you receive email purporting to be from them (or indeed any company with which you do business) that's asking you to click a link to "verify your account" or otherwise email personal or account information to them, be suspicious. No legitimate, competent company will ever ask you to send passwords over email, but sometimes the emails will incorporate real logos and give innocuous-seeming links (like the recent spate of fake UPS emails) that either direct you to virus sites or provide you with a bogus version of the real company's website and then prompt you to log in or otherwise provide personal or financial information. Obviously none of those things are in your best interests to do.

If you receive such an email and are not sure if the email is legitimate or not, the best course is to go directly to the company's website by typing in the correct url in the navigation bar of your browser, NOT to click on any links provided in the email itself.

For more information about this data breach, please see:
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishi ng_attacks.html

Some of the companies affected are sending out warning emails to their users; this is a good thing, but it probably won't take long for very similar but fake warning emails to start joining the mix.

-Suzanne, nerd-when-not-writing

Hey, thanks for the heads up. I actually got an e mail from my bank US Bank warning me about this very thing. Didn't really pay attention to it cause I thought it was junk mail but now I will keep an eye on my mail. :)

You can add Disney to that list as well.

I've already gotten a bogus email attributed to them, but the wording in the subject line was so ridiculously bad I didn't bother to open it. A day later Disney sent out their warning over the breach.

Oooh, I didn't notice that Disney was on the list. I do know it's an awful lot of very big companies. With the fake UPS ones, the text was initially ridiculously bad, but we saw several iterations of it over the course of a month or so that got increasingly more subtle and real-looking, and sad to say nailed a couple of my users despite previous warnings from me. )-:

-Suzanne

Yeah, Chase emailed me about this. For me, it's just more spam to ignore.

I got emails from both chase and USbank. Since I no longer have accounts with either of them I'm not too concerned. Also it seems all they got was my email address? Not too worried about that but i bet will get some interesting spam.

I feel a need to put a note up though just in case some one needs it.

When every you get a confirm email you did not solicit, delete it and go to the website using your address bar, if they really need some thing from you it will show up when you log into their site.

Thanks, Suzanne. I happened to hear about it before I had emails from Chase and Best Buy warning me not to click through on such links, and one--Best Buy, I think, but I'm not sure--assured me that only my name and email had been compromised, not any other data.

Still, scary stuff.

Maryn, fraidy-cat

Chase is officially sorry for all this inconvenience.

During this emergency, empty your bank accounts and send me all your money in small, unmarked bills. I'll stuff it in my mattress for you until I'm absolutely sure it's safe to send back.

Thanks for the heads up.

However, I'm not really worried about falling prey to a scam and losing my money. I recently happened to have been contacted by a Nigerian prince who needs help transferring several million dollars of funds to America, and let's just say that, pretty soon, I'll have more money than I know what to do with.

Marriott Hotels was also affected by this breach.

Chase - the check's in the mail. :)

Chase is officially sorry for all this inconvenience.

During this emergency, empty your bank accounts and send me all your money in small, unmarked bills. I'll stuff it in my mattress for you until I'm absolutely sure it's safe to send back.

Ah Chase. You and me need to have some words.

::shot gun loading noise::

Seriously though, if a Chase agent ever walked in my house I'd consider it a house invasion. I still have problems with them and I haven't had an account with the in more than a year. They like buying insurance in my name for example.

Some of the companies affected are sending out warning emails to their users; this is a good thing, but it probably won't take long for very similar but fake warning emails to start joining the mix.

-Suzanne, nerd-when-not-writing

I got my first fake one, from some phisher claiming to be 1-800-Flowers. I have done business with them in the past but they do not have my email address on file. Best to follow zanzjan's advice.