It hasn’t taken scammers long to create more havoc for consumers following the breach of the Target point-of-sale system.  What’s the latest?  Phony emails, text messages and phone calls pretending to be from companies wanting to help consumers whose credit and debit cards were compromised.

How does the scam work?  As outlined recently by the Better Business Bureau (BBB), the scam comes in multiple versions (www.bbb.org; “Watch for Scams Following Target Data Breach”, January 3, 2014).

In the text message version, the consumer gets a text alleging it’s from the consumer’s credit card company.  The message says the consumer’s credit card’s been blocked in response to fraudulent transactions that were spotted following the Target breach.  A phone number’s included in the text and the consumer’s supposed to call that number to verify his account information.  The text might seem legitimate but it’s not; consumers should not call the number as it’s a ploy to get card as well as other personal information.

BBB describes the call version as followers: the consumer gets a call from the scammer who’s claiming to represent Target. The scammer asks for the consumer’s name, address, SSN and other personal information in order to supposedly see if the consumer’s credit or debit card is on the list of cards compromised in the breach.

What can consumers do to protect themselves against post-Target breach scams?  In addition to the steps I’ve recommended in prior blogs, read the BBB guidance (“BBB’s Suggestions for Target Customers”; http://www.bbb.org) which offers very good advice.  I’ve added some additional ideas to the following BBB advice:

  1. Go to the official Target website: here’s where consumers can find the official information and communications from Target (Target.com/paymentcardresponse);
  2. Don’t be fooled by appearances: scammers are using increasingly sophisticated technology to make their scam messages look very close to those from the legitimate, reputable company or source; I suggest that consumers always look at the incoming .url since the scam message will often (but not always) have one that’s different from the .url of the legitimate company ;
  3. Don’t open the links or attachments: check the Target website to see if they’re sending emails to affected consumers; otherwise, as I’ve noted in prior blogs, consumers opening links or attachments in unexpected emails could be unwittingly downloading malware; and
  4. Read the message carefully: typos and poor or incorrect grammar are “red flags” and absolute giveaways that the message is from a scammer and not a corporation.

Consumers whose cards were compromised cannot, unfortunately, relax just yet.  They need to stay alert for more scammers trying to take advantage of the Target data breach.