7 Scam-busting Tips for the Holidays from a Top Retail Cybersecurity Expert at Target

So, what are some big watch-outs? Erin Becker, who leads Target’s cyber fraud team, weighed in with her top tips for safe holiday shopping.

1 – Prioritize gift card safety

Target GiftCards that you purchase in our stores now have even more security measures. However, before buying any other gift cards on our shelves, check for signs the card or packaging has been tampered with — if you see any, point it out to a team member, stat.

Gift cards are a form of currency, so you don’t want to leave them lying around and risk losing them. But thanks to their popularity this time of year, it can be tough to keep track of all that you get. My favorite tip? Upload your Target GiftCards to your Wallet in the Target App for ease and safekeeping as soon as possible after receiving them. Once uploaded, you can cut up the physical card so no one else can use the funds before you do.

2 – If someone calls asking for gift cards as payment…

This type of scam can come by phone call, email or text. For a long time, it often involved a scam artist posing as someone official, asking you to buy gift cards and share the numbers as a payment. Now, we’re seeing fraudsters contact people saying one of their loved ones is in trouble, and they ask you to provide gift card numbers to help them. If this ever happens, hang up and contact your loved one directly.

It can seem so real, but anything like this should be an instant red flag. At Target, for example, our GiftCards can only be used at our stores and website and can’t be used to buy other brands’ prepaid or specialty cards. And no legitimate government entity accepts any form of gift card as payment.

Share this knowledge with your family members, friends and neighbors so they have the tools they need to keep themselves safe. The main thing to keep in mind is that you will never be asked to pay any bills or any government agencies via gift card.

3 – Slow down and be on the lookout for red flags in every email and text

Scammers definitely take advantage of the holiday timeframe, when people are more likely to be receiving confirmation and shipping emails, promos for deals and more digital goodies. They create phishing emails or smishing text messages that appear to be from your favorite brand to catch you off guard. But if you look closely, there are features that will tip you off that something isn’t right. For example, emails usually come from a slightly ‘off’ address different from the company’s official handle. Misspelled contacts and brand names, typos and bad grammar are also big red flags.

So, before opening links or providing information, ask yourself: Am I expecting this email or text? Do I recognize the sender’s email address and is it spelled correctly? If this email or text references a company I shop with, does it come from the company itself?

If you cannot confidently answer these questions, do not engage or respond. Other signs of a fraudulent message include misspelled words and brand names, typos or poor grammar. Before clicking any links, hover over them to see the full URL so you know where the link will take you. If you’re not sure it’s safe, don’t click on it.

Use a web browser to navigate to the brand’s website on your own instead.

4 – Get in the habit of using different, strong usernames or passwords for all accounts …

Here’s a New Year’s Resolution you can kick off early: It’s so important to use a different password for each of your accounts, even though it’s tricky to remember them all. When you use the same password for multiple sites where you shop or log in, one incident at any of those places leaves you at risk everywhere. And make sure to avoid using really obvious or easily guessable passwords. (Looking at you, 123456 and Winter2023.)

Another piece of advice? Keep track of all the sites that require you to use your email address as the User ID at login. And make sure that email account has very strong security and recovery information that’s hard to guess and unique from all your other accounts. Consider using a password manager that will help you create unique and hard-to-guess passwords for all of your accounts.

5 – … Or consider switching from passwords to passphrases and Multi-Factor Authentication

Another favorite way to come up with a memorable, ironclad password is to use a passphrase — a series of numbers, letters and symbols that stand for an easy-to-remember line or phrase. They’re longer and more secure and you’re more likely to remember a sentence than a word. For example: Why go to the beach when it’s raining? = YGo2tBwit$r@ining? (Now, don’t go using this one!)

We also offer guests the option to opt-in and sign up for an added layer of security called Multi-Factor Authentication/One Time Passwords (MFA/OTP), which are used to validate the user who is entering the password. It works by having the provider send a PIN by email or text to the registered user when they are trying to log in. Just remember, Target would never call a guest to ask for their OTP, pin, RedCard or gift card numbers.