Cleverly covered up as an affiliate marketing scheme, the data breach is labeled the biggest in the history of the Internet (1).
Affiliate marketing is a common and legal way for people to join up with companies to make money. In this instance, Da Silva’s company, Marketbay.com, effectively hired Nguyen and Vu to promote their company’s products. The affiliated marketer, in this case Nguyen, created content to encourage readers to click on the company’s website link and make a purchase. When the customer clicked and bought, the marketer was paid by the company and both earned money.
Rather than working hard to build a digital platform and audience from which to sell Da Silva’s products as affiliate marketers should do, Nguyen supposedly hacked into email service provider companies across the US and stole millions of email addresses. He then used the companies to send out spam emails to these unsuspecting people. The emails contained details of and links to Da Silva’s products.
Email service providers offer their clients bulk email services, usually for marketing purposes. This means that they send out email in large quantities to people who have signed up to received such correspondence, unlike unsolicited ‘spam’ email.
Nguyen seems to have been the main instigator of this crime ring. Authorities suspect it was him who hacked into the email service providers’ databases to launch these spam attacks. Although he gained access to the companies in a variety of ways, one method included sending an email to the employees of the company with a link connected to malware. Once the ill-educated employee clicked on the link, the malware installed giving Nguyen access to the company and their clients’ personal information.
While Da Silva could easily have been doing innocent business, he claims that he did know that Nguyen was using stolen email addresses and spamming them. This venture has reportedly earned Da Silva and Nguyen $2 million each between 2009 and 2011 (1) by Nguyen hacking into at least eight (2) service providers. The service providers have not been named although Epsilon has confirmed (3) that it is one of the victims from 2011.
Nguyen, Vu and Da Silva have only been charged with these offences to date, and have not yet been tried or found guilty. Da Silva was arrested earlier this year. And while Vu has been arrested and pleaded guilty, Nguyen has not yet been found (4).
Protect Your Email
While the FBI is working with partners to put a stop to these crimes, and companies are investing more in their security, there are some things that you can do to help keep your email secure from hackers (6).
–> Choose a strong password. You’ve heard this over and over, but a strong password really is one of your best defenses against hackers. Make the password at least 16 characters long and use a mixture of upper and lower case letters with numbers. Avoid using real words and instead try to randomly choose the characters.
–> Choose an email provider which uses a two factor authentication. This is becoming more popular so it’s easy to find an email provider that offers this level of protection. Once you have entered your username and password, you will be asked for further information, usually a unique code sent to your phone, to establish that you are who you say you are.
If your email address is stolen from another company, there is little you can do about it. But remember not to click on any link inside an email that you do not know and trust. If in doubt, always go straight to the website without clicking on the link.