Following the compromise of contact information such as names and email addresses for 76 million individual customers and 7 million small businesses, JPMorgan Chase is preparing for spearphishing attacks against its customers.
.
Followers of Iconix know what spearphishing is — the bad guy sends an email that pretends to be from a trusted sender. The recipient clicks a link or opens an attachment and bad things happen. When that attack targets bank customers, the obvious bad thing is a compromise that will steal the victim’s money from the compromised bank. Fox News reports a list of other bad things the bad guy can do:
- Steal identifying information to use in identity theft
- Steal confidential information from your computer
- Enlist your computer into a botnet for use for denial of service attacks
A JPMorgan Chase official is quote as warning:
The way the hackers do it is, they start with small charges on your Visa or MasterCard, $1, $10, $50, to see if their hack works, then they ramp it up and go bigger with a larger hit and run charge.
We suggest that another good measure is the adoption of the Iconix Truemark service by webmail providers so that users can easily distinguish real emails from attacks.