Compromised email? Avoid the scams

Reader George Reilly writes with a concern about a possibly compromised email account:

I’ve heard something about a security breach that might have given hackers some of my private information. Is this true and what can I do to protect myself?

It’s true. A company named Epsilon, which is responsible for a lot of today’s direct e-mail marketing, was subject to an attack that allowed the baddies to obtain e-mail addresses and names associated with those addresses. This, in itself, isn’t that big a deal. It’s the rare e-mail address that’s entirely unknown.

What makes this particular attack a bigger deal is that these addresses are associated with specific, big-name companies, including Best Buy, Walgreens, Marriot Rewards, TiVo, Citigroup, US Bank, JPMorgan Chase, and the Home Shopping Network. This means that the people who have obtained these addresses and names can more easily fashion bogus e-mail messages that look like the real thing. For example, you’re a Citigroup customer and receive a legitimate-looking e-mail message from an alleged Citigroup representative, suggesting that you need to update your personal information. Do so and you could find unwelcome charges on your next credit card bill.

There are a few things you can do. They include:

  • Knowledge is power. The first, of course, is knowing that this has occurred (and will likely occur again in many forms). Prior to this incident you should have been on your guard regarding any commercial e-mail message. This event should underscore that you have to take such messages with a large grain of salt.
  • Examine the pitch. Financial institutions, government agencies, and legitimate businesses never, ever send e-mail messages demanding that you update your personal information and provide such sensitive information as a bank account number, PIN, and social security number. If you receive such a demand, it’s a scam.
  • Check the link. More often than not, such messages include a Website link. In Apple’s Mail, hover your cursor over such links and wait for the yellow tooltips window to appear. Take a look at the address in this window rather than the one printed in the link. Does it lead you to the Website it purports to or are you being directed to something that sounds legit, but on closer examination clearly isn’t?
  • Don’t click the link. Scammers can be a clever lot and can fashion messages and links that look very convincing. Do not click links in these messages. Instead, if you’re concerned, launch your Web browser and go directly to the Website of the company you believe has contacted you (typing in the address yourself rather than pasting in a link). Check your account information. Do you see any notices there that confirm the e-mail message you’ve received? Probably not, but if so, give the company a call and speak to a representative.
  • Check the IP address. Return addresses for these messages are routinely forged, so don’t trust the legitimacy of a message based on the sender’s address. You may, however, be able to clear up some confusion by checking the sender’s IP address. To do that in Apple’s Mail, select the questionable message and choose View -> Message -> Long Headers. You want to look at the entries that appear after Received—specifically those entries in the form of [123.45.678.000] farthest down the list. Such entries indicate the IP address where the message originated. (Ignore any addresses that start with 192.168 or 10.0 as these are IP addresses used on a local network.) Having found one of these addresses, go somewhere like Geobytes’ IP Address Locator, enter the address in the IP Address To Locate field, and click Submit. Below you’ll find the region location for the address. If you see a location in Asia or the Pacific, you’ve been contacted by a scammer.

Subscribe to the Apple @ Work Newsletter

Comments