The busy holiday season is in full swing, and with so much to do (finish the gift list! wrap the presents! get the house ready for visitors!), you’re likely running in circles. Unfortunately, fraudsters know it all too well, and ramp up their scams during this time of year — even adding holiday themes specially designed to catch busy shoppers unaware.
That’s one of the big reasons Target has built a multi-layered approach to stopping fraud, including gift card scams, during the holidays season and all year round. Our group of hundreds of cybersecurity experts helps Target identify and stop fraud, proactively monitor trends and create solutions to prevent fraud before it even happens.
Have a fraud-related question for Target? Here’s how to reach us.
Received a suspicious email, text, phone call or malicious website that appears to be from Target? Want to report an information-security-related issue or event? Please get in touch.
Give us a call or send us a message
- Guest Relations: (800)-544-2943
- Visit contactus.target.com
So, what are some big watch-outs? Erin B., who leads Target’s cyber fraud team, weighed in with her top tips for safe holiday shopping.
1 - Slow down and be on the lookout for red flags in every email and text
Scammers definitely take advantage of the holiday timeframe, when people are more likely to be receiving confirmation and shipping emails, promos for deals and more digital goodies. They create phishing emails that appear to be from your favorite brand to catch you off guard. But if you look closely, there are features that will tip you off that something isn’t right. For example, they usually come from a slightly ‘off’ email address different from the company’s official handle. Misspelled contacts and brand names, typos and bad grammar are also big red flags.
So, before opening links or providing information, ask yourself: Am I expecting this email or text? Do I recognize the sender's email address and is it spelled correctly? If this email or text references a company I shop with, does it come from the company itself?
If you cannot confidently answer these questions, do not engage or respond. Other signs of a fraudulent email include misspelled words and brand names, typos or poor grammar. Before clicking any links, hover over them to see the full URL so you know where the link will take you. If you're not sure it's safe, don't click on it.
Use a web browser to navigate to the brand's website on your own instead.
2 - Get in the habit of using different, strong usernames or passwords for all accounts …
Here’s a New Year’s Resolution you can kick off early: It’s so important to use a different password for each of your accounts, even though it’s tricky to remember them all. When you use the same password for multiple sites where you shop or log in, one incident at any of those places leaves you at risk everywhere. And make sure to avoid using really obvious or easily guessable passwords. (Looking at you, 123456 and Winter2023.)
Another piece of advice? Keep track of all the sites that require you to use your email address as the User ID at login. And make sure that email account has very strong security and recovery information that’s hard to guess and unique from all your other accounts. Consider using a password manager that will help you create unique and hard-to-guess passwords for all of your accounts.
3 - … Or consider switching from passwords to passphrases and Multi-Factor Authentication
Another favorite way to come up with a memorable, ironclad password is to use a passphrase — a series of numbers, letters and symbols that stand for an easy-to-remember line or phrase. They’re longer and more secure and you’re more likely to remember a sentence than a word. For example: Why go to the beach when it’s raining? = YGo2tBwit$r@ining? (Now, don’t go using this one!)
We also offer guests the option to opt-in and sign up for an added layer of security called Multi-Factor Authentication/One Time Passwords (MFA/OTP), which are used to validate the user who is entering the password. It works by having the provider send a PIN by email or text to the registered user when they are trying to log in. Just remember, Target would never call a guest to ask for their OTP, pin, RedCard or gift card numbers.
Here’s how to add a layer of security to your Target account with MFA/OTP
- Log in to your account via your preferred web browser, not the Target app
- Go to Account, then Settings
- In Settings, find Sign In & Security
- Click “edit” and set up Two Factor Verification
4 - If someone calls asking for gift cards as payment...
This type of scam can come by phone call, email or text. For a long time, it often involved a scam artist posing as someone official, asking you to buy gift cards and share the numbers as a payment. Now, we’re seeing fraudsters contact people saying one of their loved ones is in trouble, and they ask you to provide gift card numbers to help them. If this ever happens, hang up and contact your loved one directly.
It can seem so real, but anything like this should be an instant red flag. At Target, for example, our GiftCards can only be used at our stores and website and can’t be used to buy other brands’ prepaid or specialty cards. And no legitimate government entity accepts any form of gift card as payment.
Share this knowledge with your family members, friends and neighbors so they have the tools they need to keep themselves safe. The main thing to keep in mind is that you will never be asked to pay any bills or any government agencies via gift card.
5 - Don’t just click on a hyperlink — test it first
Another way that scammers try to trip you up is by getting you to click on a hyperlink in an email or online ad that looks like it will take you to your favorite shopping site, but actually leads to an illegitimate one. In fact, scammers will often attempt to imitate Target by creating a fake website that looks like Target.com or fake gift card site under the guise of helping you check your balance. In these instances, we’ve seen them attempt to get guests to log in to their sites to steal people’s info.
Before clicking any links, hover over them to see the full URL and make sure you know where the link is taking you. Not sure it’s legit? Better to be safe than sorry. Don’t click on the hyperlink. Use a web browser to navigate to the brand’s trusted website you’re seeking instead. And you can always use the Target app to shop safely too.
6 - Double-check gift cards before you buy
Sometimes scammers attempt to steal the balance from gift cards on store displays by peeling back the packaging and copying down the code. To mitigate this issue in our stores, Target puts a scratch-off film with our easy-to-spot Bullseye logo (so you know it’s an original) over the numbers on the back of our GiftCards. But to be extra safe, before buying any gift card, check for signs that the card or packaging has been tampered with. (If you find any, tell a team member, stat.)
To purchase a Target GiftCard or check your balance online, always use Target.com.
7 - Treat your own gift cards like cash
Gift cards are a form of currency, so you don’t want to leave them lying around and risk losing them. But thanks to their popularity this time of year, it can be tough to keep track of all that you get. My favorite tip? Upload your Target GiftCards to your Wallet in the Target App for ease and safekeeping as soon as possible after receiving them. Once uploaded, you can cut up the physical card so no one else can use the funds before you do.
8 - If you think you’ve been scammed, report the incident ASAP
Sometimes victims are hesitant to report scams because they feel silly for falling for them, but it can happen to anyone. So take action. Report the incident to your local law enforcement and the Internet Crime Complaint Center or Federal Trade Commission as soon as you can. By doing this, you’re likely keeping many others from becoming a victim, too.
Head to Target’s Holiday Hub for even more ways Target is making shopping easy, inspiring and affordable this holiday and beyond.