CNN warns about Target copy-cat phishes

Target did indeed do a blast to customers to offer one year of free credit monitoring. The problem is scammers are also on the prowl and are sending out similar emails.
Target even says it has identified and stopped at least 12 scams preying on consumers via email, Facebook and other outlets.CNN: Did you get an email from Target?

I’m not surprised in the least that phishers are copy-catting Target’s email and are trying to compromise even more information from users.
What did surprise me was how easy both Epsilon and Target made it for the phishers. The official Target emails were signed with DKIM, but they were signed by target.bfi0.com. All a phisher has to do is register a random domain and sign with a similar key. The mail will pass authentication checks and look to most people exactly like the official Target email.
That mail should have gone out with a From: address in the target.com namespace. That mail should have been signed by target.com. Target should have published a DMARC record. I understand Target probably wanted to get the email out as fast as possible. But they sacrificed security for speed, and have opened their customers up to even more information compromises.
Last week I was mentally giving Target a D for their response to this. The more I learn about what they’ve done (or failed to do) just with the email campaign, the more I think they should get a F.

Related Posts

Target, Epsilon, Spam

If you enter “bfi0” into the Google search box, it’s suggestions are:

Read More

Hotmail moves to SPF authentication

Hotmail has recently stopped using Sender ID for email authentication and switched to authenticating with SPF. The protocol differences between SenderID and SPF were subtle and most senders who were getting a pass at Hotmail were already publishing SPF records.
From an email in my inbox from September:

Read More

New player in the DMARC space

Over on the DMARC-Discuss list, Comcast announced they had turned on DMARC validation and companies that publish DMARC records should start receiving reports from Comcast.

Read More