Have you gotten a phishing phone call after the Epsilon breach? (updated)
I received the following email from a blog reader this morning:
FYI I have received 3 phishing emails in the last 12 hours including emails purportedly from Charter, Walgreens, and Citibank; of special interest however is the fact that I received a phone call on my home phone and the ID listed the caller as ‘Hilton.’ I was not expecting a call from Hilton, and there is no reason for HIlton to call me. When I answered the phone, the caller simply hung up.
Is it possible that the Epsilon breach also included some phone numbers?
Has anyone else gotten any suspicious phone calls like that after finding out that their name and email address were involved in the Epsilon breach? You can use the Comments section below, but more importantly, if you do get a phishing attempt, let the Secret Service know: [email protected]
Update: In a comment to this post, Neil Schwartzman appropriately points out that some phishing attempts may be opportunistic. I followed up with the original correspondent, and his response is a great example of how confusing this can all be for consumers:
I did not receive an email from Hilton ‘confirming’ a breach of my info, but I do not believe in coincidence and there was no reason for me to get a call from Hilton. I do have accounts with Hilton and noticed their name on your website list of companies involved.
To be honest with you, how can we know that the so-called notices of possible breach are not phishing emails in and of themselves. I received three ‘notices of possible breach’ … Charter, Walgreen, and Citibank. All three notices came to us by way of an email address that we discontinued 3 years ago and no longer currently use in our dealings with the above companies; notices to that old address are still forwarded to us internally by our email provider (redacted). The Citibank email came with the ‘last four digits of (your) credit card.’ The numbers did not match any of our cards. When I checked with a Charter live-chat agent, he denied that the notice came from Charter and went so far as to say that Charter did not use Epsilon. All three notices of ‘possible breach’ came with live sites/icons in the body of the email. I have no intention to click on any of those live icons to find where they lead.
As far as I am concerned, any so-called ‘notice of possible breach’ should not contain a live icon or address at all! These ‘notices of possible breach’ could easily be ‘phishing’ in its most devious form.
Who to trust now????!!!!
Indeed. Perhaps one of the aftermaths of this breach will be that businesses are hurt because consumers become less likely to click on links in their promotional emails, fearing that they are phishing attempts/malware.