By Steve Bass
Major Companies Hacked
Another hack attack: The bad guys gained access to the
database that stores customers’ names and e-mail addresses
for Capital One, JPMorgan, Brookstone, BestBuy, TiVo,
Walgreens, Kroger, and a long list of others
The breach occurred through Epsilon
, the firm each of the companies used to
manage their e-mail communication with customers.
Chances are good that if you’ve corresponded with any of
the companies, you’ll see phishing e-mails in your inbox.
They’ll likely be messages for you to confirm a recent
order, or reconfirm or update a credit card.
By this time in your computing career, I feel safe saying
you’re sophisticated enough not to be suckered in by
phishing e-mails. But I’ll play it safe: If the e-mail
looks authentic and asks you to click a link to go to the
company’s site, don’t do it. Instead, type the company’s
URL into your browser’s navigation field to go to the
There’s nothing you can do to prevent a third party from
exposing your e-mail address. But there’s a handy trick to
monitor if a company you’ve given an e-mail address to is
using it to spam you. And then block it so you’ll never
see it again.
A Nifty Spam Tracking Trick
Start using e-mail addresses that are specially — and
easily — coded. Create a new one for everything you sign
up for, things like newsletters, banking, coupon sites —
whatever. If you receive an e-mail from that address with
anything other than what you asked for, you’ll know the
company’s been breached — or is selling your e-mail
address to spammers.
The technique is called plus addressing and the trick is
to create an e-mail with an extra character between the
real e-mail address and the @ sign and domain. Don’t fret,
it’s easy to understand.
Many ISPs let you do plus addressing, but I’ll use Gmail
to describe how it works.
Let’s say your Gmail address is firstname.lastname@example.org
(and for the reasons I’ll explain in a minute, you ought
to use Gmail). When you sign up for a newsletter, say,
SuperUser, use email@example.com. Banking
with Chase? firstname.lastname@example.org. Got the idea?
Use a throwaway e-mail
to track spammers
Gmail understands what you’re doing and the e-mail still
lands in your inbox.
However, if you get something other than the newsletter at
that address, you can stop it in its tracks. Just create a
filter in Gmail (yep, I’ll get to that, too) that
automatically deletes anything from
email@example.com and you’ll never see it
Of course, once you filter that specific address into the
trash, you won’t see either the spam or the newsletter. If
you still want the newsletter delivered, create a new plus
address and resubscribe.
Besides Gmail, I’ve tested plus addressing with EarthLink
.html] (they use a hyphen —
firstname.lastname@example.org instead of the plus
sign). Neither MSN nor AOL is smart enough to use it;
experiment with your ISP to see if it works.