I received an email which appeared to be from Dell with the subject "An Important Message from Dell Australia", so I decided to investigate. Over the last couple of days I've noticed the company Epsilon in the USA, which is a permission-based email marketing company (emailing out on behalf of some 2,500 companies), was hacked and some of the companies' mailing lists may have been obtained by others. Epsilon reportedly sends out around 40 billion emails a year, so as you can appreciate the number of contacts in the client mailing lists would be massive.
So far it has been suggested that about 50 companies of the 2,500 may have had their mailing lists hacked.
What that means for consumers is the potential threat of what is called a "spear phishing" attack. Phishing is where you receive an email which tries to trick you into revealing your information. We are all used to seeing emails like this supposedly being sent from banks and other financial organisations, but it isn't limited to just financial organisations. It could just as easily be a web mail account, a social networking site or any well-known brand. However, a phishing attack generally doesn't identify you personally.
With a spear phishing attack the chances of getting past the person's guard increase considerably because it can contain your name and perhaps other information, such as the reward points you've accumulated, to give the email credibility.
In the case of this email from Dell, to the best of my knowledge it is legitimate. Every link in the email resolves to a Dell site. I should add I haven't done business with Dell for a number of years so keep in mind your details may still be active even years later. The email came from New York. Dell in my opinion would be better placed if they localised their emails and sent them from the country where the person is doing business.
With a cursory check of the email I was only able to say the email looks legitimate. There is always the possibility of those with the mailing list sending a hoax email, which would be little more than a nuisance. Further investigation of the source of the email shows it is from Epsilon, which would mean the email is almost certainly legitimate. The fact that it was sent by Epsilon and I thought it was Dell shows just how easy it is for anyone to send an email on behalf of someone else and make it look legitimate. That is after all the service provided by email marketing companies.
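The check described above (where each link points, and which domain actually handed the message over) can be scripted; this is an added example, not part of the original post. The message and the domains `brand.example` and `esp-mailer.example` are constructed, and `check_message` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: brand.example mails through esp-mailer.example (both hypothetical).
SAMPLE = """\
Return-Path: <bounce-123@esp-mailer.example>
From: "Brand Shop" <news@brand.example>
To: reader@recipient.example
Subject: An important message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="http://www.brand.example/privacy">Privacy</a>
<a href="http://brand.example.login-check.example/verify">Verify</a>
"""

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        host = urlsplit(href).hostname if href else None
        if host:
            self.hosts.append(host.lower())

def under(host, domain):
    # True only for the domain itself or a real subdomain, not a lookalike prefix.
    return host == domain or host.endswith("." + domain)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw, brand_domain):
    msg = message_from_string(raw)
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "sent_by_third_party": not under(env_dom, from_dom),
            "off_brand_links": [h for h in links.hosts if not under(h, brand_domain)]}
```

A third-party envelope domain is normal for marketing email sent through a provider, so it is context rather than a verdict; links outside the brand's domain are what deserve the closer look.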
Other companies that have so far been identified as having the compromised mailing lists that I recognise as relevant to Australia are: JPMorgan Chase, Citi and Target. However I don't know if this is relevant to Target Australia. It may not be.
I haven't included the full list here as I believe the company collating the material which others use should get credit and the only way that takes place on the internet is if you link to their information. The following is a link to a site which has collated a list of brands. I don't know if their list is theirs or whether they are simply reporting other people's material without credit to the source, but that is their choice.
You will notice that Dell is not on the list as of writing this blog entry.
What this does mean is we'd all be advised to be even more careful with emails we receive that contain links. The added credibility of malicious emails being directed to a named recipient with additional supporting information is indeed a concern.
Full credit to Dell for taking swift action.
With JustLocal my policy is not to have email lists available via the internet. I don't use mailing list companies as there is no way anyone can ensure systems can't be hacked. This causes considerable inconvenience for me, but I do this out of respect to those on my mailing list.
Kelvin Eldridge
http://www.onlineconnections.com.au/