As the first phishing attacks begin to emerge targeting the millions of customers affected by the email data breach at Epsilon, there are indications that more than just email addresses and names may have been taken during the attack.
Some customers whose email addresses were compromised as part of the massive breach uncovered at Epsilon last week have reported that fraudsters have begun calling their mobile phones and sending unsolicited texts as part of scams. Some companies give customers the option of associating a mobile number with an email address when they sign up for notifications about new offers, account information or various other messages.
Epsilon officials say that only customer names and email addresses were accessed in the breach, which has continued to expand in recent days as more and more retailers and financial services companies notify their customers that their information was compromised in the attack. Among the more recent companies to become associated with the Epsilon breach are Dell, Crucial and Ritz-Carlton.
The companies typically use the mobile numbers in order to send text messages to customers, but they also offer an attractive option for fraudsters looking for a way to separate victims from their money. Phone-based scams have been around for decades, and they’ve fallen out of favor somewhat in the last few years as criminals have focused their attention on easier and more lucrative online scams.
Some customers affected by the breach at Epsilon also are reporting that they are getting breach notifications from companies they no longer deal with. Specifically, customers who have closed accounts with various credit-card providers say that they are being notified by those providers that their information was accessed in the attack.