I recently received the following email at one of my personal email addresses:
From: Walmart <FraudPrevention@says.handlereduce.com>
To: Subscriber <firstname.lastname@example.org>
Sent: Fri, Oct 3, 2014 9:20 am
Subject: Walmart Customer Credit Breach Update
Dear Customers, Due to a recent credit card breach we are offering Walmart customers a FreeCreditCheck. This FreeCreditCheck will ensure that nobody has purchased anything in your name, identify if anyone else has access to your CreditReport, and monitor your current CreditScore and purchase history. Your Complimentary FreeCreditCheck is Available as of Friday, October 03, 2014
BAD LINK REMOVED FROM HERE
Reference Number: Mnh-bAjn
Friday, October 03, 2014
The Credit Report Team
Spammers looking to gain credentials/install malware on machines/do bad things in general are getting more and more creative with their messages. While spam/phishing emails used to have multiple misspellings and claimed you had won $1,000,000 that can be collected immediately upon providing your bank account information, messages such as the one above seem much more legitimate and likely to be clicked on by someone with their guard down. With all the recent credit card breaches in the news, the email sender’s motives seem all the more legitimate. Email users need to be wary of any message coming to their inbox these days.
A few rules of thumb to live by:
1. Never, ever, click on a link from an email address you don’t recognize. Ever.
2. Never enter your username and password information into any forms originating from email addresses you don’t recognize.
3. When in doubt, verify. Almost all online retailers have avenues for checking the validity of emails. For example, if you receive an email from eBay or PayPal, you can forward the message to email@example.com or firstname.lastname@example.org and they will promptly let you know if the email is legitimate.
4. A great resource related to internet based scams is the FBI website which can be found at: http://www.fbi.gov/scams-safety/e-scams.
Reducing the threat related to spam emails is all about education and awareness. These scams most often catch individuals and companies right at the moment their guard is down. By being extremely careful and skeptical, the risk can be reduced substantially.
If you have any questions regarding this or any other information security topics, feel free to reach out to us at any time.
Click here to download.
Shane M. O’Donnell, CISA, CPA, MSA
Chief Audit Executive