So, what are some big watch-outs? Erin B., who leads Target’s cyber fraud team, weighed in with her top tips for safe holiday shopping.
1 – Slow down and be on the lookout for red flags in every email and text
Scammers definitely take advantage of the holiday timeframe, when people are more likely to be receiving confirmation and shipping emails, promos for deals and more digital goodies. They create phishing emails that appear to be from your favorite brand to catch you off guard. But if you look closely, there are features that will tip you off that something isn’t right. For example, they usually come from a slightly ‘off’ email address different from the company’s official handle. Misspelled contacts and brand names, typos and bad grammar are also big red flags.
So, before opening links or providing information, ask yourself: Am I expecting this email or text? Do I recognize the sender’s email address and is it spelled correctly? If this email or text references a company I shop with, does it come from the company itself?
If you cannot confidently answer these questions, do not engage or respond. Other signs of a fraudulent email include misspelled words and brand names, typos or poor grammar. Before clicking any links, hover over them to see the full URL so you know where the link will take you. If you’re not sure it’s safe, don’t click on it.
Use a web browser to navigate to the brand’s website on your own instead.
2 – Get in the habit of using different, strong usernames or passwords for all accounts …
Here’s a New Year’s Resolution you can kick off early: It’s so important to use a different password for each of your accounts, even though it’s tricky to remember them all. When you use the same password for multiple sites where you shop or log in, one incident at any of those places leaves you at risk everywhere. And make sure to avoid using really obvious or easily guessable passwords. (Looking at you, 123456 and Winter2023.)
Another piece of advice? Keep track of all the sites that require you to use your email address as the User ID at login. And make sure that email account has very strong security and recovery information that’s hard to guess and unique from all your other accounts. Consider using a password manager that will help you create unique and hard-to-guess passwords for all of your accounts.
3 – … Or consider switching from passwords to passphrases and Multi-Factor Authentication
Another favorite way to come up with a memorable, ironclad password is to use a passphrase — a series of numbers, letters and symbols that stand for an easy-to-remember line or phrase. They’re longer and more secure and you’re more likely to remember a sentence than a word. For example: Why go to the beach when it’s raining? = YGo2tBwit$r@ining? (Now, don’t go using this one!)
We also offer guests the option to opt-in and sign up for an added layer of security called Multi-Factor Authentication/One Time Passwords (MFA/OTP), which are used to validate the user who is entering the password. It works by having the provider send a PIN by email or text to the registered user when they are trying to log in. Just remember, Target would never call a guest to ask for their OTP, pin, RedCard or gift card numbers.