Following the recent data breach, we continue to work with our guests and team to help them understand the steps that Target is taking, as well as what each of them can do to help reduce their own risk of experiencing fraud. We’ve all seen it before, but the unfortunate reality is that following an event like a data breach, it’s common to see fraudsters use emails, texts, phone calls and fake websites to try to steal your personal information.
The techniques are known as smishing and phishing. These occur when you receive an official-looking message that is intended to trick victims into handing over vital information like account numbers, private passwords and Social Security numbers.
People are often caught off guard by these messages, but don’t be fooled. It is important to remain wary of call, text or email scams that may appear to offer protection, account support or even financial reward but are really trying to get this personal data from you. Target will never ask for your credit, debit or social security number via email.
To help you feel confident that what you are hearing from Target is really from us, we set up a dedicated resource on our website. This site will continue to include PDFs of all official communications that Target sends related to the data breach.
Target works quickly to disable and block fake “Target” websites and links as soon as they’re discovered. We also work with social media companies like Facebook and Twitter to quickly put a stop to scams we see there. But guests can also protect themselves by remaining vigilant, not just now, but always.
We spoke with Steve Surdu, VP of Professional Services at Mandiant, about specific steps you can take to keep from being a victim of phishing scams. Mandiant focuses on helping organizations detect, respond to and contain computer intrusions.
Read strategically: Suspicious indicators to look for include sloppy language or formatting, typos and an informal style, such as multiple exclamation marks. Another indicator is a site with a URL that attempts to mimic the URL of a more well-known site by adding a letter, or ending with .co rather than .com.
Do not click on hyperlinks or open attachments in suspicious e-mails: If you receive a text, social post or email from an unknown sender, do not click the link, respond to it or share any personal information.
Take advantage of antivirus and anti-spam software: Antivirus and anti-spam software can protect against some common tech exploits. Many attacks disguise as spam so you can reduce your risk of phishing attack using software that blocks these messages from ever entering your mailbox.
Beware of pop-up windows: Pop-up windows are often used in phishing scams. Avoid sharing financial or sensitive information in unsecure pop-up windows. Instead, make sure you see a secure lock icon at the bottom corner of your web browser—an indication that you’re on a safe, encrypted page.
Stay alert: Most important, regularly check your online accounts and bank statements to ensure that no unauthorized transactions have been made.