Banks, credit-card issuers warn of email breach

Posted: Updated:

NEW YORK (AP) — Major banks and credit-card issuers Capital One, Barclays Bank, U.S. Bancorp and Citigroup have joined the list of companies warning customers that hackers may have learned their email addresses.

The companies all use a Dallas-based company called Epsilon to manage their emails to customers. Epsilon said Friday that its system had been breached, exposing email addresses and customer names but no other personal information.

The hackers also gained access to the email addresses of customers of JPMorgan Chase & Co., Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.

The affected companies said the email addresses could be used to target "phishing" attacks — seemingly legitimate emails that try to coax account login information from victims.

Javier Soto talked to Ken Colburn of The Data Doctors about what could be at risk and what consumers should and should not do.

"It's going to make for more spam and more junk, and that's where people will really have to be paying attention," Colburn said.

This breach will allow the hackers to do what's called "spear phishing."

"If they know you bank at a certain bank and they know your name, they can formulate a really convincing email," Colburn explained. "If you're not paying attention, if you click on the link, you start to give up information you shouldn't."

The affects of the security breach are not one-time or short-term. Spam emails and spear phishing attacks will likely be seen for quite some time. The perpetrators' goal is to sell your information to spammers all over the world.

"You really have to be on your toes for these spear phishing schemes where they're trying to convince that they are who they're not," Colburn said.

According to Colburn, the best way to protect yourself is to never click on links in emails, even if they appear to be from a bank or company with which you do business. Rather, go to the bank's website yourself. If there is a legitimate warning or issue of which you need to be aware, it will show up there.

"Don't click on those links, no matter how convincing the email is," he said.

While the information that was compromised is relatively benign by itself, it's how that information can be used that is of concern.

"They can use this to convince you that they're somebody that they're not and that's where the danger is," Colburn said. "This is just part of driving on the information superhighway. It's one of the dangers ... Be paranoid when it comes to email. About 90 percent of what you get, you shouldn't believe."