Affiliate Marketing Scam Leverages the Epsilon Breach

Affiliate marketing scammers are taking advantage of the media attention given to the large data breach at Epsilon in order to gather credit card information.

Earlier this year, hackers managed to break into servers belonging to Epsilon, one of the largest email marketing providers in the world, and walked away with the customer email lists of some of the top companies in US and abroad.

The incident made it into the mainstream media due to the huge volume of email addresses exposed and generated discussions about companies sharing customer information with partners.

The new scam was reported by researchers from the SANS Internet Storm Center (ISC) and comes under the form of a webpage alert where the name of the victim company can be easily replaced.

"We want to make you aware of a significant incident that has occured [sic.]. Recently, there was a massive system breach at Epsilon, a third party vendor that supplies marketing services to a number of companies, including [Company Name]. Files containing personal customer information were compromised," the page claims.

The goal is to scare users into applying for a credit report, which according to the website, requires identity validation via credit card.

People should be aware that they are entitled to one free credit report per year from each of the three credit reporting bureaus, Experian, Equifax and TransUnion. This means they can get one every four months.

They can also place a 90-day fraud alert on their credit files every year with each of the agencies for free. Timing them properly can get someone this type of credit protection for 9 months.

Finally, the rogue website has a disclaimer that makes it very clear that the page or its creator are not affiliated with the company named in the aler and that the whole site is an advertisement based on a fictitious story.