Dow Jones & Co., the publisher of The Wall Street Journal, MarketWatch and Barron’s has just announced that it apparently was the victim of a hacking and resulting data breach which occurred between August of 2012 and July of 2015. Although it appears that the credit card and debit card information lost may have been limited to fewer than 3,500 Dow Jones customers, all of Dow Jones’ customers may have had their names, addresses, email addresses and phone numbers stolen. This raises the specter of spear phishing by which targeted individuals receive emails from companies with which they do business that come addressed to them by name and are tailored to appear legitimate and thereby more likely to entice the potential victims to provide personal information or click on links. Clicking on these links or providing the requested information will lead to identity theft. In this particular case, the victims may also expect to receive phone calls that appear to be legitimate requesting personal information under various guises. In some instances, by using a technique called “spoofing” the identity thief can even manipulate your Caller ID to make it appear that the call is from Dow Jones. Providing personal information in response to these calls will also result in identity theft.
If you were one of the approximately 3,500 people whose credit or debit card information was compromised you will receive a letter, not an email, text message or phone call from Dow Jones with information about free credit monitoring services to be offered those people by Dow Jones. If you wish to contact Dow Jones’ Customer Service department for more information, you can reach them at 800-568-7625.
As for the rest of us, whether you are a subscriber to any of Dow Jones’ publications or not, this is a reminder to never click on links in email or provide personal information in response to an email, text messages or phone calls unless you have confirmed that the communication is legitimate. Regardless of how legitimate looking the communication may appear, you can never be fully confident that it is legitimate unless you independently confirm this fact.