Friday, January 17, 2014

Target Breach Notification Cautions


According to security firm Sophos, "the number of Target data breach victims is increasing with rumblings of records dating back more than a decade being impacted.

"With the high number of individuals receiving data breach notifications, it's important that you remember security best practices. Beware of clicking on links received in e-mails without first checking the link to ensure it is taking you to the desired site. Hackers frequently use this phishing technique to mislead consumers and direct traffic to malicious sites.

"If you encounter a suspect link, contact the vendor directly by typing in the company address directly in the browser.

"An examination of Target’s breach notifications may confuse some consumers and could easily be mistaken for phishing.  James Lyne, global head of security for Sophos includes examples and further detail here.

"There are bound to be many copycat hackers jumping on this trend and telling good from bad content is going to be difficult for consumers."

I don't recall buying anything from Target, ever, but yesterday received an email from target.com with the subject: Important message from Target to our guests. Guests? Does this mean anyone who has ever hit the site, or do guests=customers? The message was signed by Target's CEO and offered one year of free credit monitoring. I didn't click through for the offer.