Corporate Security Breach Notifications Lead to New Complex Phishing Scam

March 13, 2014
Abaker

Security awareness and training is one of the most effective ways to combat phishing attacks and cyber security breaches. Recently, organizations experiencing these security breaches have launched security awareness communications campaigns to alert and educate the public.

Companies are now using new channels to reach consumers, including social media alerts and emails. A great example of education through social media is Target. After the recent security breach, Target immediately initiated a series of corporate communication emails and social media posts that notified and educated consumers about the breach. These gave customers information on the security breach and helpful tips on how to protect themselves from future phishing attacks.

Unfortunately, sophisticated criminals and hackers have used these emails to their advantage. Criminals are creating phishing emails that mimic these security awareness communications. The scam is refined enough that the emails look legitimate. Consumers are vulnerable and more likely to act quickly on these types of email. Currently, Target has identified over 12 scams preying on consumers.

Here are some tips for identifying a phishing scam resulting from company breaches:

  • Companies will never email you asking for personal information like Social Security numbers or credit cards. If you receive an email asking for this information, it is a phishing email.
  • Target has posted a copy of the real email. If you believe you may have been sent a phishing email, compare it to the email posted on the Target website.
  • Check the company website for other copies of official communication. Target has set up a dedicated webpage to help consumers identify official communications.
  • Check the Better Business Bureau® (BBB) website. The BBB provides up-to-date information on security breach scams.
  • Scammers may also try to contact you pretending to be another reputable organization or a governmental organization, such as the IRS. Be alert and careful when viewing these emails. The IRS does not ever send emails to consumers.