According to news reports, hackers recently accessed the database of Epsilon, a large marketing company that sends emails on behalf of banks, stores and other businesses. Was your company an Epsilon client? If so, the stolen information could make it easier for crooks to send emails that appear to be from your brand.
Here are a few things you can do to help your customers avoid a phishing attack that abuses your brand.
Many companies have already sent a message to customers letting them know about the breach. If you haven’t, remind your customers that they shouldn’t respond if they get an email asking for sensitive information like a credit card number or Social Security number — even if it appears to be from your company. Responsible businesses don’t ask for sensitive information in unsolicited email.
Tell your customers how to get in touch with your customer service staff, in case they want to confirm that a future message is legit. Is the best method to use the contact information on their billing statement?
Finally, post information about the breach on your website, so your customers can find it if they receive phishing messages targeting your brand. You can include a link to the information about phishing scams at OnGuardOnline.gov/phishing.