Data Breach Leads to Target Scam Outbreak

Take these action steps to minimize Target scam threat: Internet Scambusters #581

Target scams are dropping into mailboxes and cell phone text messages following the huge data breach at the famous retail chain group.

It’s not just that millions of customer records have been stolen. Crooks are also posing as card companies, banks and Target themselves in an effort to get more info from victims.

In this week’s issue, we’ll tell you how to spot and avoid scams and where to get info from Target and others to get more help.

Let’s get started…

Data Breach Leads to Target Scam Outbreak

As you undoubtedly know by now, millions of Americans are being warned of the risk of falling victim to a Target scam following the massive data breach at the retail store chain.

Crooks are homing in on the disaster, in which more than 100 million consumer records are believed to have been compromised.

There’s nothing new about the type of scams themselves — which are almost exclusively aimed at identity theft or malware installation — but the data theft has given the crooks an opportunity to use the respected Target name as a lever to trick their victims.

Posing as representatives of banks, card companies and Target themselves, they’re sending out emails and text messages asking recipients to verify their card details and hand over other information.

In other cases, they use email attachments loaded with a virus that installs on victims’ PCs once clicked.

The breach happened during the busy holiday shopping period between Thanksgiving and Christmas. Initially, Target said that 40 million records had been exposed, revealing names, card numbers (credit cards, debit cards and the chain’s REDcard store cards), expiration dates and verification codes.

Then, a few weeks ago, the company said its investigations had shown that another 70 million records were also stolen during the same incident. These contained customer names, mailing addresses, phone numbers and, in some cases, email addresses.

That makes 110 million records in all, though some of them will be duplicates from both sets of data.

At the time of writing, the firm says the stolen data does not include Social Security numbers.

Has Your Data Been Stolen?

The first thing most people want to know is whether they’re among the data theft victims.

Target says if you shopped with them between November 27 and December 15 your data may have been exposed and you should monitor your credit and debit card balances carefully.

The company also says that where it has email addresses it will try to contact affected shoppers. But it stresses it will not ask for any personal information as part of the process.

Should you phone, if you don’t hear from them?

This is what Target said on its website after the latest disclosure:

“You don’t need to call us unless you believe there are suspicious charges to your Target REDcard. Target already has fraud alerts in place and is actively monitoring REDcard accounts that may have been impacted.

“The banks that issue non-Target credit and debit cards also have been notified and have similar processes in place. You too, should keep a close watch on your account by reviewing your credit or debit card statements.

“You should call your card’s issuing bank if you discover any suspicious, unusual or fraudulent activity.”

Have You Been Scammed?

If your records have been stolen, you could potentially become a victim of identity theft if someone uses your card information to obtain cash or buy goods in your name.

But Target stresses that the theft itself doesn’t necessarily mean you’ll be defrauded.

However, if you received a message asking you to verify information about any of your cards, it’s almost certainly a scam since neither Target nor your bank would ask for this information in this way.

Scam messages also usually include a bogus warning that your account has been frozen until you provide the information.

Often too they use poor English grammar and misspellings.

If you responded to any of these messages and gave this information, contact your bank and card issuer immediately.

There’s usually a contact phone number on the back of your credit card.

How to Avoid a Target Scam

As Target says, just because your information has been stolen doesn’t mean you’ll be defrauded.

Much of the information in the second batch of disclosures is publicly available on the Internet anyway to anyone diligent enough to know how to search for it.

However, this scam will run and run for a while because, to our knowledge, it’s one of the biggest corporate data breaches ever.

Crooks will use it as a lever for as long as they can.

So, here are seven things you should do to either avoid becoming a victim or to recognize if you’ve been taken:

1. Don’t respond to email or text requests that ask for confidential information. Not just about Target either. It’s a golden rule that applies to all such requests.

Instead, use the phone number on your card, your printed statement, or the sender’s official website and call the bank or card issuer.

(Don’t use a phone number or website address given in the message itself as it could be bogus.)

2. Don’t click on attachments or links that claim to be related to the incident.

3. Use this Target web page for information and follow their advice: Response & Resources Related to Target’s Data Breach.

4. Take advantage of Target’s offer for one year of free credit monitoring for all customers.

5. In addition, monitor your card accounts — daily or weekly, online, if you can.

6. Change your debit card PIN.

7. Ensure you have a difficult-to-guess password associated with any email address that you may have given to Target.

Although no one is suggesting passwords were stolen, this is a good time to make sure you have a different, highly secure password for each sensitive account.

For help with passwords, see this earlier Scambusters issue, Get Tough With Computer Passwords and Secret Questions.

And for the most recent information on what to do if your cards have been compromised, see this Federal Trade Commission page or download this guide, What To Do If Your Identity Is Stolen.

Given the scale of the data breach, it seems highly likely that the crooks got their hands either on your information or that of someone you know.

But don’t panic. You can’t do anything about the theft per se but you can do a lot to avoid being a Target scam victim by following our recommendations, and take swift action if you suspect a problem.

That’s all for today — we’ll see you next week.