Since the Epsilon breach, the customers of the company’s clients – such as US Bank, JPMorgan Chase, TiVo, Capital One, the Home Shopping Network, LL Bean Visa Card, Ritz-Carlton Rewards, Best Buy, Disney Destinations, Walgreens, and others – have had daily reminders that they could expect and be prepared for spear phishing emails coming their way.
But, phishing is not the only type of attack that can be mounted against them. Websense researchers have recently spotted a web page spoofing the Epsilon official website, i.e. the page with the press release regarding the breach.
Indeed, the attackers have simply taken some of the source code from the legitimate page:
Once a user has landed on the page, he reads that there has been an “update” to the press release which states that the investigation concluded that personally identifiable information was stolen.
In order to check if his information was stolen, the user is urged to download and install a Trojan dropper disguised as an “Epsilon Secure Connect Tool.”
Whether this attack has been mounted by the same hackers behind the breach is impossible to tell, but I suspect that some other malicious individuals have simply decided to take advantage of the situation.