Published February 02. 2014 4:00AM
Bob, who lives in the New London area, recently received an email from Target offering him free credit reports for one year as the result of the data breach that compromised more than 100 million customers' credit card information during the holiday season.
Normally Bob would have been happy at Target's thoughtfulness, but the email raised a critical question for him. How did Target get his email in the first place?
Bob said he doesn't have a Target credit card and he hadn't shopped at Target for years and certainly not during this holiday season.
"I have every reason to believe that this offer was genuine and respect the fact that Target is acting in the best interest to protect its customers and of course their own. However, being a suspicious sort I called the number provided in the email and asked the representative how Target received my email address when I do not have an account," he told CTWatchdog.
Bob said he was told that anyone who shopped at Target in the past five years might be vulnerable. However the Target representative was unable to tell Bob where they got his email address. Bob said he was told that perhaps the bank that issued his credit card provided his email address. Bob then called his bank and was told that it was against bank policy to disclose personal information to anyone.
The only other explanation, Bob said, may be that he had purchased an item online from Target some time ago. Online credit card orders were not compromised in the hack attack.
"Target could not give me a precise answer when I asked how they obtained my email address and in fact led me to believe that they were working with other financial institutions who were willing to share this information," Bob said. "I am sure there is stuff going on that the average person will never know about and really won't care to know unless they are affected personally. Not sure there are any real problems here but it is interesting to observe how aggressively corporations acquire information in support of their marketing strategies, particularly at the point of sale."
The good news is that Bob's email actually came from Target. Thousands of others are getting fake emails trying to sucker them into divulging their personal information to cyber criminals.
How can you tell if the email actually came from Target?
Here are some clues.
First, check to see who sent the email. The real emails are being sent from TargetNews@target.bfi0.com. If there is another address, delete the email.
Second, if the email requests personal information or asks for money, delete it.
And if there are grammar or spelling mistakes, those are other clues that it is criminals trying to get your personal information.