Target’s Data Breach: How to protect yourself
As you have no doubt heard by now, Target was the victim of a major data breach that exposed 40 million credit and debit card numbers used at their stores from late November through mid-December. Most card issuers, including EECU, have already notified cardholders affected by the breach and have reissued cards to those people. EECU members affected by the breach have already received their cards, and the old cards have been disabled.
But there was another element to the breach to be aware of. In addition to the card numbers that were compromised, personal information for up to 70 million people was also stolen, including things like names, addresses, phone numbers and email addresses. This aspect of the breach may actually be of bigger concern. Card numbers that are stolen can simply be cancelled, and you have protection from liability for unauthorized transactions performed on the compromised accounts. Once your card has been cancelled and you have received a new card number, the stolen card number is of no use to the fraudsters. But compromised personal information is a different matter.
There are already indications that the criminals who committed the breach are using the stolen personal information in a new round of fraud. This time, they are using the stolen names and email addresses to trick people into providing additional personal information (like social security numbers, which were NOT compromised in the breach) or to send them to rogue websites that look legitimate but actually load malware onto any computer that visits the site (see this blog).
So what can you do? First, be suspicious of any email you get claiming to be from Target. Legitimate emails from Target will likely be sent from TargetNews@target.bfi0.com. The “from” address in an email can be mimicked, so having the correct “from” address does not automatically make it legitimate, but having a different “from” address will give you a quick tip-off that the email could be fraudulent.
Second, be wary of links in the email. The text of the email may display a legitimate-looking link that actually sends you somewhere totally different. For instance, Target is offering credit monitoring to people affected by the breach. In the legitimate email they have sent out that notifies people of this, they link to creditmonitoring.target.com.
However, a rogue version of this email could be created that displays the link in the text but then sends you to a fake site that attempts to steal more personal data. In most email programs you can do a quick check to see if the link is going to the correct place. Just move your mouse over the link in the text, and you will see some sort of indication on the screen that reveals the actual Web address that the link will take you to. For instance, in Gmail it will display the true link at the bottom of the page. In Outlook it will display in a box next to your mouse cursor. Or if you want to be extra safe, don’t click on any links and just go directly to Target’s website to get your information. Go to https://corporate.target.com for links to information on the breach. For their credit monitoring program, go to https://creditmonitoring.target.com.
The CNN Money website also provides some other helpful tips for recognizing a fake email. And, of course, if you ever have questions, we are here to help. In addition to calling or emailing, you can also reach us on Twitter and Facebook.
Tim Grove, vice president of systems development, has been with EECU Credit Union’s information technology team since 1999, and is responsible for the programming and development of EECU’s website as well as all online and mobile services. Tim holds an undergrad degree in marketing from Oklahoma Christian University as well as an MBA from the University of Texas at Arlington, and has served marketing and IT teams at companies including Canon, EDS and Halliburton.