It is being widely reported in the press that an estimated 24 million Zappos user accounts have been compromised.
Robert Siciliano, a McAfee consultant and identity theft expert, says he expects whoever hacked Zappos’s site will now sell the data to people who run phishing scams. “They’ll sell it 10,000 accounts at a time, short money, like $100,” he says. While hackers don’t have complete credit card numbers, Siciliano says there’s enough information for a hacker to approach affected users as either Zappos or the credit card company and then ask them for more data — the classic phishing scam — which might be supplemented with a voicemail “vishing” attack as well.
The bad guys now have very useful information with which to craft very convincing fake emails. What they cannot do is use Zappos’s real email servers. You can easily tell which email really comes from Zappos by using a tool that identifies real email. You need eMail ID from Iconix.
Know Who. No Doubt. Use eMail ID.