Warning for Earthlink users

It seems like Earthlink has a serious email security problem.

I run full screens for my pop3 email service.

That means that if you are not on my list of approved senders your email will be quarantined until I approve it. It has worked well for years.

Yesterday I found an email on my machine from snipped-for-privacy@earthlink.net.

That is NOT an approved address. But it downloaded anyway. I suspect it is an email list address that Earthlink uses to send out PR stuff.

This morning, when I booted up and checked email, there was a file message titled "Who said Earthlink was human". And my net access was obviously corrupted - five minutes to load the sign on screen for web mail.

So, if you see anything from snipped-for-privacy@earthlink.net ERASE it as fast as possible...

It brings in TROJAN.WIN32.GENERIC!BT

Malwarebytes, Avast!, and Norton were unable to find it. But Vipre did. (My new best friend)

Three hours on live chat and the phone - all insisting that this was not possible. "Earthlink doesn't send out viruses" in Pakistani.

Watch your goodies, Hawkeye!

Reply to
cavelamb

Thanks. I received a suspicious one from "Google" via gmail a while ago but didn't open it. Not much gets through the wire here.

This discussion from the main source of professional computer support suggests that AVG can find it.

jsw

Reply to
Jim Wilkins

I use Mailwasher to scan all headers on the server. It will download a user-settable number of lines so you can get an idea what the message is about. Anything I find suspicious, I'll either delete, or if from a friend, delay downloading messages until I obtain verification that it's safe. It's really a great program, but there might be others now that offer the same functionality.

Jon

Reply to
Jon Anderson
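
What screening on the server, as described in the posts above, can look like in code: an added example (not from any poster, and not how Mailwasher or Earthlink's filters are implemented) that previews messages with POP3 TOP and quarantines anything whose parsed From address is not on an approved list. The allowlist, the sample messages and the function names are constructed for illustration.

```python
import poplib
from email import message_from_bytes
from email.utils import getaddresses

# Hypothetical allowlist; every address here is constructed for the example.
APPROVED = {"friend@example.org", "billing@example.com"}

# Constructed header previews, shaped like the line list poplib's top() returns.
SAMPLE_OK = [b"From: A Friend <friend@example.org>", b"Subject: lunch", b"", b"Noon?"]
SAMPLE_UNKNOWN = [b"From: news@lists.example.net", b"Subject: Update", b"", b"Hello"]
SAMPLE_LOOKALIKE = [b'From: "friend@example.org" <someone@unknown.example>',
                    b"Subject: hi", b"", b"hi"]
SAMPLE_TWO_FROM = [b"From: friend@example.org", b"From: other@unknown.example", b"", b""]


def classify(top_lines, approved=APPROVED):
    """Return 'deliver' or 'quarantine' for one message preview (list of bytes)."""
    msg = message_from_bytes(b"\r\n".join(top_lines))
    # get_all() sees repeated From: headers; getaddresses() extracts the real
    # address and ignores whatever the display name claims to be.
    senders = [addr.lower() for _, addr in getaddresses(msg.get_all("From", []))]
    if len(senders) != 1 or not senders[0]:
        return "quarantine"  # missing, repeated or unparseable From
    return "deliver" if senders[0] in approved else "quarantine"


def screen_mailbox(host, user, password, preview_lines=10):
    """Classify every message on the server without downloading or deleting it.

    TOP is an optional POP3 command, so the server must support it.
    """
    box = poplib.POP3_SSL(host)
    try:
        box.user(user)
        box.pass_(password)
        count, _size = box.stat()
        return {n: classify(box.top(n, preview_lines)[1])
                for n in range(1, count + 1)}
    finally:
        box.quit()


if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_UNKNOWN", "SAMPLE_LOOKALIKE", "SAMPLE_TWO_FROM"):
        print(name, classify(globals()[name]))
```

The From header is set by the sender, so a match against the approved list says only that the message claims that address, not that it came from there.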

I've heard of mailwasher before, but that's pretty much the same thing that Earthlink's filters do (if set high).

This event looks a lot like somebody hacked into their system and found a weak spot...

Dam! I hate when that happens!

Reply to
CaveLamb

Some may dismiss the type of data harvested as a minor threat, but having access to customer lists opens the opportunity for targeted phishing attacks to customers who expect communications from these brands. Being able to send a targeted phishing message to a bank customer and personally address them by name will certainly result in a much higher "hit rate" than a typical "blind" spamming campaign would yield. So having access to this information will just help phishing attacks achieve a higher success rate.

A Marriott Rewards & Ritz Carlton Rewards spokesperson told SecurityWeek that their customer names, email addresses, and member point balances were exposed:

"We recently discovered that one of our third parties' computer systems was tampered with. Tampering with our systems by an unauthorized person or persons is an illegal act and we reported this incident to a law enforcement agency who is currently investigating this matter. The unauthorized person(s) had access to email addresses and member point balances. They did not have access to member addresses, account logins and passwords, credit card information or other personal data," the spokesperson wrote in an email.

Correction: The Marriott Rewards spokesperson contacted us on Sunday to correct their initial statement, saying that member point balances were not disclosed after all.

Citi also warned customers over Twitter about the incident, Tweeting the following: "Please be careful of phishing scams via email. Statement from Citi for our valued Customers regarding Epsilon & email" with a link to the following statement: "Because e-mail addresses can be used for "phishing" attacks, we want to remind our customers that Citi uses an Email Security Zone in all our email to help them recognize that the email was sent by us. Customers should check the Email Security Zone to verify that email they have received is from Citi and reduce the risk of personal information being 'phished.'"

As the initial disclosure by Epsilon occurred late in the day on Friday, I expect several more brands to be announcing that they've been affected by the breach as well. When asked to comment, Epsilon has refused to provide additional details on what other brands may have been affected.

Reply to
CaveLamb
