Target is warning its customers that an opportunist is trying to take advantage of the fear created by the credit and debit card theft by sending phishing emails.
The company is setting up a special section on their official website and publishing their official communications for comparison purposes. It’s hard to believe anyone would be that naive in this day and age -- but to cover its legal problems the box store retailer is responding as aggressively as they can. They admit to knowing only of a “limited” number of scam emails.
The Secret Service and the U.S. Justice department are leading the investigation to find the instigator.
Stephen Coty, Director Threat Research at Alert Logic, a global company that protects against data theft, says he and associates have kept up with what has been written in the media regarding the thieves and the sale of the data information in Europe. “So we went to our usual places where we go to look for stolen credit card data, and we’re not seeing them in the U.S. market.”
There are claims that in addition to the credit and debit card information hackers obtained, they also got PIN numbers, something the company has partially denied. Target says hackers did not get “encrypted” PIN numbers, carefully avoiding discussion of unencrypted information.
Landon Mayo is a web application security specialist and an ethical hacker. “If I was a malicious hacker and I just stole a bunch of credit card numbers, what would be my next move? It would be to get the information for the credit card account holders, maybe for verification reasons; maybe they need that three digit code on the back of the card.”
The most important piece of information you need is a reminder to never give any financial information unless you are POSITIVE they are who they say they are.