First Apparent Epsilon-Related Spam Reported
By Ken Magill
And so it has apparently begun.
The first case of spam that can be reasonably attributed to the well-publicized Epsilon data breach has been reported.
And there is evidence that whoever is sending the messages is no amateur.
Laura Atkins, principal at email deliverability consultancy Word to the Wise, said she received two phishing emails yesterday at a uniquely tagged email address she supplied to Chase.
“That was an address that received a message in the beginning of April that said Epsilon had been hacked,” Atkins said.
Chase was one of more than 20 companies that sent messages to their customers in April saying their email service provider, Epsilon, had suffered a data breach and that customer names and email addresses may have been compromised.
Until now, there were no reported cases of spam that could be clearly linked to Epsilon’s breach.
Atkins, however, for professional reasons gives each email list to which she subscribes a unique email address so she can tell if a particular list is being sold or has been compromised.
She said her unique Chase address received an Adobe phishing attempt, where the message says Adobe updates are available and urges the recipient to click through to a malicious site.
The address also received a phishing email claiming that peer-to-peer file sharing site LimeWire has been shut down and offering links to so-called alternatives, which are also malicious Web sites.
“The interesting thing is people who use LimeWire are probably infected with a bunch of stuff anyway because they’re out there downloading anything that looks interesting,” she said.
And even more disturbing, the messages came from the servers of a well-known email service provider, according to Atkins.
“The mail came through a different ESP and it looks like that ESP had a customer that was compromised because it came through a customer account,” she said.
She declined to name the ESP.
“I respect them, so I’d rather not,” she said.
According to Atkins, it appears the spammer or spammers gained access to a customer account of the well-known ESP, uploaded an unknown number of email addresses and used the customer account to send the spam.
Using a hacked ESP customer account is apparently a way to use that customer’s clean email reputation to get the spam delivered.
Atkins’ husband, Steve, who also has email addresses uniquely tagged to some Epsilon customers, has received no spam at those addresses, said Atkins.
“I’m not sure if the list has been broken up and sold off in pieces … or if they’re just uploading parts of it,” she said.