People whose identities may have been compromised by last month’s massive Epsilon data breach are now facing a new threat to their security.
In the wake of the March 30 data breach, in which hackers stole the email databases of dozens of major U.S. companies, including Citi, JPMorgan Chase, Capitol One, TiVo, Best Buy and L.L. Bean, a phony Epsilon website has sprung up, the security firm Websense reported.
The fake Epsilon page “has a very professional look and feel,” Websense said. With the façade of legitimacy, the website claims to have an “update” from Epsilon — in the form of a downloadable file called “Epsilon Secure Connect Tool” — that will tell you if your personal information was stolen.
Users who are worried they’ve become victims of the Epsilon security breach may want to open the file, but doing so automatically installs a Trojan on your system, which can then be used to run malicious code or gain access to your personal information. (Users should also keep in mind that the only legitimate website related to the company is epsilon.com — other sites purporting to be official Epsilon sites are fakes.)
Security experts urge users to never open suspicious attachments and to double-check the address of the sender. Also, if you’re at all unsure of the legitimacy of an email or an attachment, it’s best to call the company directly.