Internet scammers are targeting shoppers worried about their credit ratings following December's security breach at Target, state officials say.
In a news release Monday, Pennsylvania Attorney General Kathleen Kane cautioned consumers against "phishing" attacks, which masquerade as a legitimate Target web page or email but instead collect personal information for nefarious purposes.
"A number of scammers have taken advantage of Target customers' misfortune and have set up websites and are sending emails with Target's logos in an attempt to further victimize consumers whose personal information may have been taken from Target," Ms. Kane wrote in a news release. "It is important for Pennsylvania consumers to know that we have their back."
The original breach came in December, when hackers bypassed Target's security and made off with the credit card information of more than 40 million shoppers. The retailer quickly apologized and offered free memberships to an identity theft prevention service, saying only Christmas shoppers were risk.
But last week, the company announced more customers could have been compromised, with staff realizing the hackers had also made off with a bevy of personal contact information for about 70 million people.
"I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this," Target CEO Gregg Steinhafel said Friday in a prepared statement.
These latest scams are the work of opportunists looking to profit from the fear and confusion of frightened customers, Ms. Kane said. Phishers typically pretend to be a familiar company, sending emails with a popular bank's logo or setting up a site similar to a legitimate retailer's.
From there, they'll ask for sensitive and private information, including passwords and bank account numbers. Some have become so brazen as to post a fake customer service number, where a live scam artist will talk you out of your money.
To avoid phishers, Ms. Kane advised residents who think their credit card information could have been compromised to seek help only from Target or her office. Anyone with concerns is welcome to call the attorney general's consumer protection hotline at 1-800-441-2555. Target customers interested in a free year of credit monitoring should visit creditmonitoring.target.com before April 23.
Write those numbers down and save them: Security experts say repercussions from the Target breach could take months to fully develop. Joe Ferrara, CEO of Oakland-based cybersecurity firm Wombat Security Technologies, said phishers will use any personal information they have on hand to convince computer users they're legitimate.
Indeed, if the stolen Target data includes phone numbers, Pittsburghers can even expect scam phone calls.
"At the end of the day, it's about tricking someone to give up information," Mr. Ferrara said. "You have to be really prepared to look at things from a different vantage point to make sure you're not just accepting what the person said on the email.