First spam to Epsilon leaked address

This morning I received the first two spams to the address of mine that was compromised during the Epsilon compromise back in April. Actually, I received two of them. One was the “standard” Adobe phish email. The other was similar but referenced Limewire instead of Adobe.

Have you heard the big news? Limewire has shut down for good.
Want to know what other people are using as their alternative?
Find Out Here : http://www.phishingdomain.here.example.com
Our limewire alternative has been adopted by millions of limewire users around the globe.
Same great features, tons of files and it’s easy to use
Enjoy
Jimmy Choo
Limewire Insider

One of the very interesting things about this spam is that it came through an ESP. It looks like the customer of another ESP was compromised and their account used to send the spam.
Looks like the spam to the stolen Epsilon data has started.

Related Posts

Monitoring customers at ESPs

In the past I’ve talked about vetting clients, and what best effort encompasses when ESPS try to keep bad actors out of their systems. But what does an ESP do to monitor clients ongoing? Al Iverson from ExactTarget says that they:

Read More

Security framework document published

The Online Trust Alliance has published a security framework for ESPs.
Overall, I think it’s a useful starting point. I don’t agree with all of their suggestions. Some of them are expensive and provide little increase in security. While others decrease security, like the suggestion to force regular password changes.
I think the most important part of the document is the question section. The key to effective security measures is understanding threats. Answering the self assessment questions and thinking about internal processes will help identify potential threats and their vectors.
The document is not a panacea, and even companies that implement all of their recommendations will still be open to attacks from other avenues. But it certainly is a very good way to open the security discussion.

Read More

Buying lists

The problem with buying lists is that you never know which consumers are already on your list and you risk spamming current subscribers.

Read More