BBB Warns of Phishing Email Received from Epsilon Data Breach

April 08, 2011

Just days after millions of customers' email addresses were stolen in one of the largest data breaches in U.S. history, the Better Business Bureau is seeing one of the first Epsilon data breach phishing schemes.

Phishing, a popular emailing scheme, is a term coined by computer hackers who use email to fish the Internet hoping to hook you into giving them your logins, passwords and/or credit card information. If you are a customer of one of the companies that had email data stolen, BBB is warning you to be on the lookout for phishing emails.

Typical phishing schemers pose as reputable companies to fraudulently obtain your personal information. In this case, the BBB is now seeing emails being sent from a fake 'Chase Bank,' one of the companies whose data was compromised. Following suit, the email warns that ‘your account’ will be deactivated or deleted if you do not update your profile immediately. The email instructs you to update your account by clicking on the link provided.

“Hackers are looking for you to respond with vital information that can ultimately lead to identity theft,” said Karen Nalven, President of BBB serving West Florida.  “Consumers need to recognize the red flags in order to keep their identity protected.”

BBB advises consumers that there could be other phishing emails shooting through cyberspace and to do the following if they suspect they have fallen victim to a phishing scam.

Never reply to the email. If the message includes a link within it, never click it. Many schemers use this as way to spread a viral attack on your computer. 

Do not give personal or financial information to anyone who contacts you via email. Even if they claim they are from your bank, the IRS or a law enforcement agency, these businesses will not contact you via email; they will send you a letter.

Spread the word. Discuss phishing schemes with all the members of your family who have email addresses. Young people are very computer savvy, but may not be scheme savvy, and older adults are specifically targeted because they are often very trusting.

Transmitted information should be encrypted. When sending personal information like addresses, credit card numbers and Social Security numbers over the Internet, make sure the website is fully encrypted and the network is secure. Look for https (the “s” stands for secure) at the beginning of the URL address to confirm its security.

Know the red flags. Watch out for grammatical mistakes in emails. Poor grammar or misspelled words are red flags that the email is probably not legitimate. Most importantly, never wire money based on instructions in one of these suspicious emails. Schemers prey on those who think they need to wire money to have a situation resolved.
Protect your computer. Keep your anti-virus software up-to-date and run it regularly.

Contact the Federal Trade Commission. The FTC works to legally prevent fraudulent business practices in the marketplace. File a complaint with the FTC by calling 1-877-HELP.

A sample of the fraudulent email claiming to be from Chase Online Banking follows:

Chase Email

For more information about phishing schemes, visit