Skip to main content
Report this ad

See also:

Protect yourself from malware fraud like the Target and Nieman Marcus attacks

Here's some advice for avoiding difficulties following the attacks that compromised customers' debit and credit cards used recently at Target, Nieman Marcus and other unnamed stores. Mötley Fool reported on Jan. 21 that the Target breach could have been avoided if Target had required use of smart cards with embedded microchips. That's interesting and may help us in the future; most cards in Europe use that chip technology and these recent frauds did not strike Europe.

NY - DECEMBER 19: New York Knick, Tyson Chandler attends Tyson And Kimberly Chandler Holiday Shopping Experience At Target on December 19, 2013 in New York City. (Photo by Thos Robinson/Getty Images for Tyson Chandler)
Photo by Thos Robinson

What happened: Target discovered on Dec. 15 that criminals had stolen 40 million of Target's customers' card debit and credit card account numbers along with customer names, addresses and card expiration dates, plus encrypted PINs (personal identification numbers) for debit cards, during the period from November 27 through December 15, 2013. Additionally, customer data for 70 million people was stolen. Target has sent notes to millions of customers offering them all free credit monitoring services. Banks including Chase, Huntington, and others have offered to replace cards quickly for their customers who shopped at Target.

Nieman Marcus disclosed that they suffered a similar breach which they also discovered in mid-December. Various reports indicate that at least six other stores were struck in the U.S., Canada, and Australia.

Advice for shoppers:

1. If you used a debit card to buy anything at Target or Nieman Marcus in late November or December, 2013, and you still have that card, cancel that debit card and get a new card with a new account number. If you can get a credit card instead of a debit card, do so. While Target or your bank will reimburse any fraudulent debit card transactions, the overdrafts incurred if your checking account balance is unexpectedly reduced will be more difficult to recover. Credit cards are easier to manage from a fraud perspective.

2. Check all your accounts periodically to ensure that all the transactions are really yours and report any suspicious or fraudulent transactions as soon as you find them, by calling the phone number on the back of the card.

3. If anyone contacts you via any means such as phone, email, or text and asks you to give them anything confidential such as your birth date, social security number, mother's maiden name, any password, PIN, or account number, don't do it.

4. It's a good idea to sign up for the free credit monitoring that Target is offering to all Target customers whose data was stolen. Do that by going to Target's website, not by responding to someone who calls, texts or emails you, and not by clicking something someone emails to you. The legitimate emails from Target ask you to use this web address:

Meanwhile, the investigation into the breach continues:

A report released to limited parties including reporters at the Wall Street Journal and indicates that the computer code that caused the breach at Target was programmed partly in Russian and that similar code affected Nieman Marcus and at least six other retailers in the U.S., Canada and Australia.

A number of reporters speculated that a 16 year old individual from St. Petersburg, Russia, wrote the program that did the damage and sold copies of it for about $2000 each on the black market. Fox News has recently stated that those reports were erroneous.

A pair of Mexican citizens were arrested in Texas with 96 fraudulent cards made with account numbers obtained from the Target breach.

Technical details about how the attack occurred have been published on and on Brian Krebs' blog, It's highly likely that the malware was sent, as part of a normal software refresh, to all Target point-of-sale (POS) devices, which in Target's case are computerized cash registers running the Windows operating system. While this may be educated speculation rather than fact, indications are that the malware was able to capture account data within the active memory of the POS devices before that account data was encrypted, and then able to send the account data to a compromised server using a standard NetBIOS program interface. There's speculation as to whether an insider disclosed a network password or whether the fraud perpetrators were able to guess a valid password.

Copyright © 2014 Susan J. Walker. Subscribe above to receive an email whenever Susan Walker publishes on Follow @WalkerSusanJ on Twitter.

More articles

Both Target and Best Buy offer $50 gift cards with purchase of new iPhone 5s.

Predicting iPhone 6: Size, features and release date.

High-tech Valentine's Day gifts with low prices.

7 fun and favorite Super Bowl ads.

iPad Air, iPhone 5c and more high-tech Valentine's day gift ideas.

4 ways T-Mobile is trying to get you to switch carriers.

Best Buy to reduce iPad Air price by $50 on Jan. 24 and 25.

Google Glass now sports prescription lenses plus new apps at CES.

Best Buy offers best iPhone 5s and 5c price; Target is second.

iPad prediction: Larger screen in 2014.

Target cuts iPhone 5c, 5s and iPad Air prices following massive data leak.

Google Nexus, iPad and more: Great tablet deals for holiday giving.

Verizon offers $100 off popular new iPad Air, Galaxy Tab and other new tablets.

iFrogz ear buds from Verizon: High-tech gift in low price range.

Moto X compared to iPhone.

Why iPhone 5s is more popular than iPhone 5c.

Easy way to compare Obamacare prices: HealthSherpa website.

Verizon Droid Maxx: Hands-on comparison to iPhone.

7 good places to sell or trade your iPhone and how much they pay.

Internet fraud: Protect yourself when buying online.

Copyright © 2014 Susan J. Walker. Subscribe above to receive an email whenever Susan Walker publishes on Follow @WalkerSusanJ on Twitter.

Report this ad