
Scammers take advantage of Target Breach victims

Can you recognize a phishing email?  Target recently sent out an email to those affected by the data breach with information about the breach and steps to take if your information was involved.  That email can be viewed on Target’s website.


Scammers are also taking advantage of the situation and sending their own Target breach notification emails.  Can you spot the differences between a real and a fake email?

Honestly, I am surprised that Target sent their email the way they did.  One of the first ways to identify a suspicious email is whether or not you recognize the sender.  In the case of the legitimate Target email it came From: Target.com (TargetNews@target.bfi0.com).  This immediately raises a red flag in my head because I don’t know the domain bfi0.com.  This is a standard tactic of scammers to try to trick users into trusting the Target part of the email and ignoring the next part.  This was an oversight on Target’s part to instill trust in their constituents.  I would not trust this email if I had received it.  I dug a little more and a WHOIS lookup shows that the bfi0.com domain is registered to Epsilon Data Management, which tracks email marketing campaigns.  I now know this is the real Target email.
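The sender check described above can be automated; the following is an added example, not part of the original post, that compares the address in a From header with the brand's own domain. A "verify" result is a reason to look closer (for instance with the WHOIS lookup mentioned above), not proof of fraud. The function names, the two-label domain rule, and the sample headers are assumptions made for this example.

```python
from email.utils import parseaddr


def registrable_domain(host):
    """Naive registrable domain: the last two labels of the host name.

    Assumption for this example; production code should consult the
    Public Suffix List so that names such as example.co.uk are handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_sender(from_header, brand_domain):
    """Compare the address in a From header with the brand's own domain."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return {"verdict": "unparseable", "registrable": None, "findings": []}

    host = addr.rsplit("@", 1)[1].lower()
    registrable = registrable_domain(host)
    brand = brand_domain.lower()
    brand_label = brand.split(".")[0]
    findings = []

    if registrable == brand:
        verdict = "match"
    else:
        verdict = "verify"  # not proof of fraud, only a reason to look closer
        if brand_label in display.lower():
            findings.append("display name mentions the brand, address is at " + registrable)
        if brand_label in host.split(".")[:-2]:
            findings.append("brand appears only as a subdomain label of " + registrable)
    return {"verdict": verdict, "registrable": registrable, "findings": findings}


# Constructed headers: the first uses the sender address quoted in the post,
# the second is a made-up address at the brand's own domain.
SAMPLES = [
    '"Target.com" <TargetNews@target.bfi0.com>',
    '"Target" <news@target.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header, "target.com"))
```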

The biggest items to notice in the real email are that they are not asking you to click on anything, except the Target.com website, and they do not ask you for any information.

Scammers will try to make you feel compelled to click on links and divulge personal information.

If you have already received one of the fake emails, you should immediately delete it.  If you clicked on anything, you need to make sure your antivirus is up to date, and it would probably be a good idea to change the passwords on your online accounts.

If you divulged personal information in response to the scam email, you need to immediately contact your bank and/or credit company and notify them to be vigilant for fraudulent activity.

Finally, Target is offering free credit monitoring to anyone affected by their breach, and I recommend signing up for it immediately.  You can see the details on Target’s website.

As a general rule, if you don’t recognize the sender, don’t trust the email.