Although we have known for some time that the hacking of Target was accomplished through the initial hacking of Fazio Mechanical, a heating and air conditioning company that does business with Target and had access to Target’s computers for billing and ordering purposes, it was not until recently that we learned that the way that Fazio was hacked was through a common technique called “spear phishing” where the victim receives an email directed to them by name that appears legitimate or promises something enticing, such as free pornography or videos of a newsworthy or otherwise intriguing event. Once the victim clicks on the link in the email or downloads the attachment in the email, malware is downloaded on to the victims’ computer that provides access to the all of the information in the victim’s computer, which in this case included the information necessary to access the Target computer system. Even though Fazio’s computers were protected by anti-malware programs, either its program was not as good as necessary or it was merely not current with the latest malware threats. Anti-malware software programs are generally at least thirty days behind the latest malware threats.
Also criticism is now being made of Target’s offer of one year’s worth of free credit monitoring service through Protect MyID. The problem is twofold. First, credit monitoring merely helps to inform you that you have already become a victim of identity theft. It does nothing to prevent identity theft. But even further Target’s program which is done through the credit reporting bureau Experian only provides you with credit monitoring of your Experian file. It does not provide you with monitoring of your file with the other two credit reporting agencies, Equifax and Transunion, which makes the monitoring incomplete. Experian does offer you the additional monitoring for a year, but for a fee that can be as much as $75.
The first lesson is that you should never click on links or download attachments unless you are absolutely sure that the links or downloads are legitimate. Always confirm before you download. Second, you cannot rely on your anti-malware software to be 100% effective. Ultimately it is up to you not to download questionable material. All of that being said, you should make sure that you have anti-malware and anti-virus software on all of your electronic devices and make sure that you keep the software up to date with the latest security patches and updates.
Finally although credit monitoring does offer some benefits, preventing identity theft through pro-active steps such as putting a credit freeze on your credit reports at each of the three major credit reporting agencies is a better way to protect yourself from identity theft in the event your personal information is compromised. You can find how to put a credit freeze on your credit report by going to the section on “credit freezes” on the right hand side of this page.