Everyone has seen the recent news regarding some high-profile network breaches at Target and Neiman Marcus. Unfortunately this may be just the tip of the iceberg – some experts estimate that at least half a dozen major retailers may have been compromised. In this brief document we’d like to tell you a little bit about the Target breach, discuss what you should do next, and explain what you can do in the future to protect yourself.
The Breach Explained
Through a series of exploits, attackers were able to install malware (malicious software) on Target’s POS, or point-of-sale, system. POS systems are the small terminals where a shopper swipes his or her credit card and signs or enters a PIN to complete the transaction.
The malware – which researchers describe as “particularly wily”, adaptive and persistent – went undetected for weeks and evaded Target’s antivirus controls, allowing hackers to pull information off the magnetic strips on credit and debit cards. From there, customer data was sent back to a previously infected server, and files were deleted to remove evidence of a crime.
What Should I Do?
If you are a frequent Target shopper and they have your e-mail address on record, you may have received a message that looks like the one shown below.
To check the authenticity of the message, begin by examining the “From:” e-mail address. This address looks a bit “phishy” – pardon the pun – as does the “Reply-To:” address, but let’s reserve judgment for the moment.
Other items to investigate are the links in the body of the message that you’re asked to click – that’s where the bad guy hides a malicious link. If you hover the mouse over the link, you see that the site it goes to matches the link. That’s a good sign!
Next you can visit the Target website and verify that this is an authentic message. At the top of the webpage, you should see the following “important notice” banner:
Clicking this link takes you to Target’s official page with all breach-related information. On the right-hand side, you will find another link, “email to guests (begin sending on 1.15.14)”, that takes you to the exact same letter.
If you’re still concerned, you can type the URL above, “creditmonitoring.target.com”, directly into your web browser. This is always a good practice to avoid clicking on malicious links.
Question: I haven’t seen any strange charges, so I should be ok, right?
Answer: No. Unfortunately so much data was collected – credit and debit card data from 40 million customers and personal information (addresses, phone numbers, etc.) from 70 million – that the data hasn’t all appeared on the black market.
Question: I didn’t receive an e-mail from Target. Can I still get the free credit monitoring?
Answer: Yes, you can. In fact, if you’re uncertain whether or not your cards or personal information may have been compromised, you can click on the link shown below, “to learn more and register for the one-year offer, click here”, and get an activation code.
What can I do to protect myself in the future?
Unfortunately, when you shop in retail stores such as Target or Neiman Marcus, you are counting on the stores to provide the necessary protections for your transactions and your personal data. As an individual, you can’t eliminate the risk, but you may be able to limit the damage. So what can you do? Here are a few strategies that should get you started:
1. Limit the amount of personal information you share with retailers, both bricks-and-mortar and online. The less information you share, the less information is at risk.
2. Short of using cash, if you have the choice between using a credit card or debit card, use a credit card. The credit card companies are much more aggressive in fraud monitoring – they’re actually protecting themselves. Also, in the United States, consumers are not responsible for fraudulent use of their credit card beyond $50.
3. Some consumers who have had this happen multiple times work with their banks to set daily spending limits and cap the amount of money that can be withdrawn from an ATM, thereby limiting the damage should their account information be compromised.
4. Make it a common practice to review your monthly credit card and bank statements for any unusual or unexpected charges and notify the bank or credit card provider immediately.
Some banks noticed and acted proactively
Written by Michael Qaissaunee