In the aftermath of security breaches like the recent Target security breach, attackers find ways leverage such situations for additional attacks. Targeted phishing attacks bring yet another reason as to why security awareness is so important for you and your organization.
When you see something such as the following, it is tempting to believe the claim is legitimate (especially knowing the “sender” did indeed have a recent breach): “With our recent breach we need to verify your online account information. Click here to update your information. Be sure to change your password for security purposes.”
Attackers send out these emails in hopes that at least some of the recipients have accounts with the company they are posing as. They try to capture personally identifiable information such as identification numbers (social security numbers in the US), passwords, security questions and answers, birthdates and then gain access to the account or some of your other accounts.
Stay on guard for such attacks. Never provide personal information on a webpage that you arrived to by clicking on a link in an email. Always enter in the trusted company website manually in a separate browser, and login through your traditional channel. If you feel the claim is legitimate, call the company directly by looking up their phone number on their website, not using any numbers provided in the email.
For more information on security best practices and security awareness training for your organization, click here.