Target Issues Phishing Warning

Scam Communications Have Increased in Wake of Breach

December 24, 2013

As more details about the payments breach at Target Corp. unfold, the retailer on Christmas Eve issued a warning about phishing scams linked to communications that appear to be from Target (see Target: Breach Caused by Malware).

Target, which has been sending out communications about the breach through e-mail and social media channels such as Facebook, now says it is launching a page on the Target website where consumers can access official communications.

"We are aware of limited incidents of phishing or scam communications," Target notes in its Dec. 24 statement. "To help our guests feel confident that what they are hearing from Target is really from us, we are in the process of setting up a dedicated resource on our corporate website where we will post pdfs of all official communications that Target sends to our guests. We expect that to post later this afternoon."

On its FAQ page, Target specifically addresses risks associated with socially engineered scams feigning to be related to the breach recovery.

"Your Social Security number was not compromised," the retailer states on its site. "Be wary of scams that may appear to offer protection but are really trying to get personal information from you. If you have any suspicions about the authenticity of an e-mail or text, do not click the links in it. Please go directly to the sites you need to access. Visit as a resource for official communications that Target has sent to our guests."

On Dec. 23, Target confirmed that malware was to blame for the compromise that infected its point-of-sale system.

Just days earlier, an executive with one of the leading U.S. card issuers affected by the Target attack, who asked not to be named, told Information Security Media Group that about 40,000 of the retailer's 60,000 point-of-sale terminals were infected with an executable file, likely malware that was automatically downloaded from a hacked server. Once infected, the devices were instructed to store and forward magnetic-stripe data collected during transactions at the POS, the executive said.

"Clearly, it was an external intrusion," the executive says. "It would follow that it was done through the infrastructure that Target uses to send updates down to their POS terminals."

Now, according to a news story posted Dec. 24 by Reuters, questions are brewing about whether PINs associated with debit transactions were, in fact, compromised. According to Reuters, an unnamed executive with a leading U.S. bank says the hackers who broke into Target's network could have cracked the encryption code used to protect PINs. Target has denied those claims, however.

Target's Response, So Far

The breach, which likely exposed 40 million U.S. debit and credit accounts, has spurred Target to launch a massive communications plan - one that has been praised by industry experts.

Andrew Walls, a social media expert who's an analyst at the consultancy Gartner, says Target's communications with consumers highlight the need for more use of social media communications by organizations in the wake of a breach.

"This is just about communications at the end of the day," he says.

On Dec. 23, in response to requests from numerous state attorneys general, Target took communications a step further and hosted a call with its general counsel to answer additional questions about the breach and subsequent notification.

Follow Tracy Kitten on Twitter: @FraudBlogger