Big guys get hacked, so little guys should watch out

Even Dairy Queen?! Is nothing sacred to cyber hackers?

This week it was revealed that not only had JPMorgan Chase been thoroughly hacked--revealing the names, addresses, phone numbers and e-mails of some 83 million individuals and businesses -- but another nine leading U.S. financial institutions had been attacked, apparently by the same hackers. And now, even Dairy Queen says hackers gained access to its customer credit and debit card information at 395 of its stores.

So essentially we're all prey to digital criminals today. But security experts say we don't all have to be victims.

"Depending on the information taken in the recent breaches, there could be an increase to consumer's risk of e-mail span or phishing attacks," Joe Schumacher, security consultant at Neohapsis, told Phishing attacks are usually e-mails from criminals that look like messages from friends or familiar companies that trick the recipient into clicking on a link with malware or a site that steals personal information. For that reason alone, Schumacher and experts say using anti-virus software, much of which is free, is a smart idea because these programs warn about malicious Web sites.

So, even though hackers didn't get account information in the massive Chase attack, they will use the information they gleaned to send out fake e-mails trying to obtain account information.

In addition, "the mere announcement of a breach may lead a different cyber criminal to send malicious warning messages to people," Roel Schouwenberg, principal security researcher at Kaspersky Lab, explained to "So be even more suspicious of any message coming from your bank or credit card company."

A layered defense that includes anti-virus software but also "ad blockers and password managers can help keep end-users protected," noted Chris Boyd, malware intelligence analyst at Malwarebytes Labs.

Security experts are just as frustrated by the recent break-ins as consumers. As Bogdan Botezatu, a senior e-threat analyst at Bitdefender, told, "Data that has already fallen into the wrong hands cannot be simply fetched back, and chances are that data is going to be exploited without the user even knowing until it is too late."

One would think that after such an embarrassing misstep, a bank would be contrite about its technical  weakness and alert each and every customer. Not Chase. The attacks began in the early summer, and it has not alerted individual account holders as of October.

"Even big banks that we trust with our money can make mistakes, and on the Internet, no mistake goes unpunished," emphasized Dr. Mike Lloyd, chief technical officer at RedSeal Networks.

Consequently, consumers should not wait until they hear about a breech because companies often wait several months before warning customers. Michele Borovac, a vice president at cloud services security firm HyTrust recommends that people who shop online should change passwords frequently. Also monitor your credit card bills. "Thieves will often test to see if a card is good by making very small charges before ringing up big ones," says Borovac.

With the holiday shopping season fast approaching, that may be the wisest advice of all.