MUNCIE — If you did any Christmas shopping at Target, you’ve probably had at least twinges of concern with each new report of the fallout from hackers having stolen credit and debit card information from the store’s files during that period.
Customer names, mailing addresses, phone numbers or email addresses for up to 70 million people were stolen from the retail chain’s system in a breach discovered in mid-December, according to the Target website.
In addition to keeping an eye out for suspicious charges on their accounts, consumers are being warned of another potential attack stemming from the information theft.
STAR Financial Bank last week sent out a warning about email phishing scams related to the data breach. “Phishing attacks use spoofed e-mails (messages from forged addresses, often made to look as if they come from a bank, online retailer or similar business) and fraudulent websites designed to fool recipients into divulging personal financial data,” a release from STAR stated.
Almost anyone using email probably gets the occasional suspicious message purportedly from a bank, business or social media site “checking” on their personal or account information. But those whose information was stolen in the Target data break could be particular targets for current phishing attempts, warned Michael Krouse, STAR’s information security officer.
The American Bankers Association and STAR offer these tips for avoiding becoming the victim of a phishing scam:
• If you have responded to a spoofed email, contact your bank immediately so they can protect your account and identity.
• Never give out your personal or financial information in response to an unsolicited phone call, fax or email, no matter how official it seems.
• Do not respond to emails that warn of dire consequences unless you validate your information immediately. Use a telephone number or web address you know to be legitimate — not any links or contact info from the email — to contact the company to confirm the email’s validity.
• Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Companies don’t ask for this information by email or text.
• Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves hope small transactions will go unnoticed. Report discrepancies immediately.
• When submitting financial information online, look for the padlock or key icon at the bottom of your Internet browser, or in the address bar. Also, most, though not all, secure Internet addresses begin with https://.
• Forward phishing emails to email@example.com and to the company, bank or organization impersonated in the email. Phishing emails also can be reported to firstname.lastname@example.org. The Anti-Phishing Working Group, a group of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
• You also can report suspicious activity to the Internet Crime Complaint Center (ic3.gov/default.aspx), a partnership between the FBI and the National White Collar Crime Center.
For information on protecting yourself online, visit the ABA’s consumer section on phishing at aba.com/consumers/pages/phishing.aspx.
Read more related articles: