April 06, 2011
 Correlation Between Epsilon Hack & Tax Season

The Epsilon hack seems to be the biggest breach of the year. The scope of the breach stands now at only customer names and email addresses. On the face of it, this looks like nearly worthless data – just a massive amount of email addresses to be used for spam. But considering these lists belong to about fifty of Epsilon’s global customers - from Target in the US to UK's popular Mothercare - the attacker has much more on his hands.

Correlating the information in the different lists opens up the opportunity for ‘spear-phishing’ campaigns. Spear-phishing emails target specific individuals. They give the impression of legitimacy by containing personal details that only an individual familiar with, or conducting business with, the victim should know. Take, for example, a Best Buy customer who banks with Chase. The hacker can use this data to send that customer an email, purporting to come from Chase, proposing a unique credit card that offers benefits when purchasing at specialized electronics retailers.

Yesterday, Intuit – the maker of tax refund preparation software – warned its customers about similar phishing campaigns following the Epsilon hack. But interestingly – Intuit is not even an Epsilon client! However, due to the timing of the Epsilon hack, Intuit found it reasonable to believe that hackers will initially use these lists to pounce on US citizens scurrying to meet the April 15th tax rebate deadline. In fact, our research labs have shown that tax scams this year are on the rise. How do these tax scammers operate? You’re welcome to watch a short video based on our research findings, titled: Tax, Death, and Hackers.

