Sunday, 8 May 2011

Why you will soon have more sophisticated spam - and why you should not trust Amazon

We have all heard about the recent hack into the Sony PlayStation Network, in which the details of around 75 million account holders were stolen. So what, you may be thinking, if you are not a Sony PlayStation customer.

What you may not be aware of, due to much less publicity, is the recent hack of a company called Epsilon. Again, you may not be too concerned as you've never even heard of Epsilon. Sadly, you may not have heard of them, but you almost certainly have had dealings with them. And they have allowed a hacker to steal their email address database, complete with names.

Epsilon is the world's largest provider of legitimate email marketing services and many large corporations use Epsilon to send out emails to their customers. According to Security Week, "Epsilon sends over 40 billion emails annually and counts over 2,500 clients, including 7 of the Fortune 10 to build and host their customer databases."

So the chances are very high that the Epsilon database holds your live email address and real name. This is very powerful data for an email scammer who can now use that information to construct a very believable email, which will attempt to entice you to part with your credit card details.

Even if you always "opt out" of marketing emails your details have been stolen. Opting out simply adds a marker to your email address to say that you don't wish to receive marketing emails. Your name and email address are still in the database. (Many companies quietly remove that marker now and again, just to see if you then unsubscribe from their marketing emails!)

Epsilon are US based, which is why the British press haven't commented on the issue. But they are used by many major British companies, although only two seem to have come forward so far to admit that they are involved (Marks and Spencer and Mothercare).

However, I have good reasons to believe that Amazon - a very trusted name in online retailing - and have both lost my personal information. Whether or not this is through the Epsilon hack I can not say, but it would seem too coincidental not to be the case.

Why do I think this? I have my own domain - let's call it This allows me to have an unlimited number of email addresses on that domain, which are all forwarded to my main email address. So, I can set up an address such as and tell Amazon to use that address when communicating with me.

By this method I can tell when a specific organisation allows my email address to be used by other people, either because they have sold it or carelessly lost it. I can then stop using that company as I no longer trust them.
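The per-organisation address check described above can be automated. This is an added example, not code from the original post: `example.org`, the `mx.example.org` server name, the alias names and the `.example` sender domains are all assumptions, and it goes one step beyond the post by relying on the DKIM result recorded by your own mail server rather than the easily spoofed From header.

```python
import re
from email import message_from_string
from email.utils import getaddresses

MY_DOMAIN = "example.org"        # placeholder for your own catch-all domain
AUTHSERV = "mx.example.org"      # assumed name your mail server stamps on results
EXPECTED = {                     # alias -> domains that organisation signs mail as
    "bookshop": {"bookshop.example"},   # constructed names, not real retailers
    "florist": {"florist.example"},
}
DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?header\.d=([A-Za-z0-9.-]+)", re.I)

def alias_of(msg):
    """Local part of the first recipient on our own domain, else None."""
    fields = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _name, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == MY_DOMAIN:
            return local.lower()
    return None

def signing_domains(msg):
    """Domains with a passing DKIM check, trusting only our own server's header."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        if value.strip().lower().startswith(AUTHSERV + ";"):
            found.update(d.lower() for d in DKIM_PASS.findall(value))
    return found

def classify(raw):
    msg = message_from_string(raw)
    alias = alias_of(msg)
    if alias not in EXPECTED:
        return "untracked"       # not sent to one of our per-organisation aliases
    allowed = EXPECTED[alias]
    ok = any(d == a or d.endswith("." + a)
             for d in signing_domains(msg) for a in allowed)
    return "expected-sender" if ok else "alias-leaked-or-spoofed"

# Constructed sample messages (not real mail).
GENUINE = ("Authentication-Results: mx.example.org; dkim=pass header.d=mail.florist.example\n"
           "From: orders@florist.example\nTo: florist@example.org\n\nThanks for your order.\n")
SPOOFED = ("Authentication-Results: mx.example.org; dkim=none\n"
           "From: offers@bookshop.example\nTo: bookshop@example.org\n\nUpdate your card.\n")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, "->", classify(raw))
```

A message that arrives on an alias without a matching signature is the signal that the address has escaped the organisation it was given to.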

I send flowers to my Mother (ahh, bless!) through the excellent service provided online by Marks and Spencer. To do this I have given Marks and Spencer an email address of As soon as the Epsilon hack had happened I received an email from M & S telling me that this had occurred and warning me that my name and email address had been stolen from their database.

At around the same time I have started receiving junk emails addressed to and I have asked Amazon to confirm they have lost my email address through the Epsilon hack. They have chosen to stonewall me by saying, "Unfortunately, aside from what is already in print, we are not able to provide the public with any information regarding the inner workings of our company."

So, who do I now trust? Marks and Spencer have had the courage and simple decency to warn me that they have been hacked. I now believe that they will be proactively addressing the issue.

Amazon, on the other hand, have chosen to tell me absolutely nothing, suggesting a holier-than-thou attitude towards MY data. They have ignored the fact that the inner workings of their company are only possible if they have customers and, furthermore, those customers must be kept loyal. I no longer trust Amazon with my details, and I certainly do not trust them with my credit card details!

Because of the Epsilon hack you will notice an increase in more cleverly composed spam. Not only do they know your email address, they know your name.

You can protect yourself to some extent by taking these steps:
1. Set up a free email address, through Hotmail or Gmail etc, for use when buying online. If necessary you can drop that email address and set up another.
2. Use a false name online. The name you use for a user account can be different to the name used on your credit card.
3. Always use a false date of birth online.
4. Set up a credit card purely for use online. Or, better still, use a pre-pay credit card for online use to limit your exposure.
5. Never click a link to a website in an email. Always open your web browser and write in the address yourself, or use your "Bookmarks" or "Favourites".
6. Never believe an email is from who it claims to be from. It is very simple to "spoof" the address it appears to have come from.
7. Always keep your anti-virus programme up to date, but do not rely on it totally. It relies on you not to click that link!
8. Don't trust online-only retailers, such as Amazon, whom you cannot contact face-to-face and who are in denial of YOUR problem.

The IT Dept was an Amazon Affiliate and we were advertising their goods on our web site. This is no longer the case as we have lost all trust and faith in them. However, you'll be pleased to know that I will still be sending Mother flowers through M & S.

© Michael Donkin 2011