We’ve not seen any of these on campus yet, but reports are coming in that a series of phishing scams, complex social engineering attacks, and other scams based on the news about the Target data breach are showing up in email inboxes across the United States. As usual, the scammers are riding the wave of panic as news stories say that up to 110,000,000 of us could be affected.

Target.Database.SpamReports indicate that these scams use a variety of attack methods:

  • “Our records show that you shopped at Target in the last 24 months. As a precaution, . . . visit the official identity theft database and put your information in.” (Click the image to see a copy of this scam as captured by Gar Warner of malcovery.com.)
  • “Thank you for your loyalty. As a reward for your loyalty, we are offering you the chance for a $1,000 gift card if you will take a brief survey.” (The survey then asks a lot of questions about you and your finances, and just keeps going and going. Uh, folks, if you see an online survey claiming to give you a $1,000 gift card as a reward, you do recognize that that is probably a scam to get you to surrender personal information to be used in future scams, right?)
  • “Add this ‘ShopAtHome’ toolbar to your web browser to earn points and enhance your shopping experience.” (Uh, right. Like I want to install an unverified piece of software on my computer that will probably report my web searches to someone.)

If you want to see a sample of one set of scams that used the fake Target warning to try to trap you into a web of deceitful shopping scams, check out Gar Warner’s January 10 blog post or this summary at Help Net Security.

Bottom line, as always, Think B4 U Click!