While they (phishing emails) might not be immediately deadly, you can be sure that they are EVIL.
Last month I talked about suspicious links in emails and warned not to click on anything in an email that wasn’t initiated by you.
That was *before* the exposure of your email address via companies you love and trust. This is because a group (or individual) hacked into Epsilon, a service that many companies contract out to for marketing.
This means that you will receive emails today, or for the foreseeable future, from these companies and you will have no way of telling whether or not they are legitimate (or at least no easy way). And the list of companies affected is very long indeed.
I heard this morning on APM Marketplace Tech Report that one potential scheme might be to send out fake emails talking about the data breach trying to convince you to sign in to X company to change your password.
I think the only safe thing to do is to not click on any link in emails you receive. Unless they were somehow initiated by you. Here are some examples:
1. Password reactivation
2. You are getting confirmation for something you initiated (purchase, subscription etc…)
Phishing emails that look like they are coming from these companies will be in the form of warnings, offers, or generic protection offers.
Clicking on the link could be bad, but entering in your password to a site that you have gone to through the link could be worse.
Here are some more tips from PC Magazine. I think the most important tip in the list though is:
“Don’t click links in e-mail purportedly from your bank. If the message warns of an account problem that needs your attention, launch your browser and go directly to the bank’s site.”
This is a good idea for any company, not just for banks.