First spam to Epsilon leaked address

This morning I received the first two spams to the address of mine that was compromised during the Epsilon compromise back in April. Actually, I received two of them. One was the “standard” Adobe phish email. The other was similar but referenced Limewire instead of Adobe.

Have you heard the big news? Limewire has shut down for good.
Want to know what other people are using as their alternative?
Find Out Here : http://www.phishingdomain.here.example.com
Our limewire alternative has been adopted by millions of limewire users around the globe.
Same great features, tons of files and it’s easy to use
Enjoy
Jimmy Choo
Limewire Insider

One of the very interesting things about this spam is that it came through an ESP. It looks like the customer of another ESP was compromised and their account used to send the spam.
Looks like the spam to the stolen Epsilon data has started.

End of quarter spam
Marketing or spamming?

Related Posts

User education doesn't work

A growing OSX security problem illustrates why user education is not the solution to virus, spam or malware problems.
HT: @briankrebs

Read More

Buying lists

The problem with buying lists is that you never know which consumers are already on your list and you risk spamming current subscribers.

Read More

Another kind of email breach

In all the recent discussions of email address thievery I’ve not seen anyone mention stealing addresses by abusing the legal system. And, yet, there’s at least one ambulance chasing lawyer that’s using email addresses that were never given to him by the recipients. Even worse, when asked about it he said that the courts told him he could use the email address and that we recipients had no recourse.
I’m not sure the spammer is necessarily wrong, but it’s a frustrating situation for both the recipient and the company that had their address list stolen.
A few years ago, law firm of Bursor and Fisher filed a host of class action lawsuits against various wireless carriers, including AT&T. At one point during the AT&T lawsuit the judge ruled that AT&T turn over their customer list, including email addresses, to Bursor and Fisher. Bursor and Fisher were then to send notices to all the AT&T subscribers notifying them of the suit.
This is not unreasonable. Contacting consumers by email to notify them of legal action makes a certain amount of sense.
But then Bursor and Fisher took it a step further. They looked at all these valid email addresses and decided they could use this for their own purposes. They started mailing advertisements to the AT&T wireless list.

Read More