How to tell if the email you received from Target is legitimate or a scam

Target sent emails like the one shown above to millions of customers affected by the breach. Be careful about scammers trying to mimic them. (Photo: courtesy Target)

Target sent emails like the one shown above to millions of customers affected by the breach. Be careful about scammers trying to mimic them. (Photo: courtesy Target)

DENVER — Target is sending out millions of emails to customers who had their personal information stolen in the recent security breach, and scammers are coming out of the woodwork.

The emails offer customers free credit monitoring services for a year. But it’s not always easy to tell whether the email landing in your inbox is legit.

Target emailed customers offering free credit monitoring for a year from Experian. That email is now creating spoof emails and more scams.

Teresa Peterson is a Target shopper. She said, “It’s right around the corner. It’s convenient.” She received the recent email from the company offering free credit monitoring for a year. “That was really nice of them,” she said. But, she also questioned its legitimacy. “I am very leery of emails and links that come,” Peterson explained.

Fox31 Denver took that email to Charles Tendell of Consumer Cyber Security. He said, “This one actually looks pretty legit, just looking at its face value.”

Peterson said she’s happy to know it was real but wonders, with so many fake emails out there, how can you tell them apart? Turns out she’s right to be concerned. Tendell immediately found another that was fake. “Completely fake, and I’ll show you why,” he said, explaining the “from” was fake, “TargetBreach rattled nerves at TRESweet.com.”

So here’s what you need to do to make sure the Target email you open, is real. Tendell says the first thing is to verify the email address. “Expand it so that you can read the entire email.” Target released the legitimate sender name, TargetNews@target.bfi0.com. Tendell says make sure it’s exact.

Second, don’t click links within the body of an email, go directly to the company’s site.

Finally, “Anywhere Target will send you to do any type of identity theft consulting will always have that HTTPS,” Tendell said.

Peterson and her husband already have credit monitoring, so this time, she didn’t need the offer. “It’s my responsibility to make sure that I’m being a safe shopper and a safe consumer,” she said.  “We will continue to shop at Target.”

Another thing to keep in mind, Tendell said Target won’t be asking for personal information in the email. You’re only getting an activation code from the retailer for a free monitoring service, once you go to the Target site.

Here are five signs the email you’ve received isn’t really from Target:

1) The email address doesn’t match

Target’s emails are being sent from TargetNews@target.bfi0.com. So if the email you receive comes from a different email address, that’s your first indication that it’s a scam.

But even if the email address does match the one Target is using, you’re not completely safe. Scammers can easily “spoof” addresses — meaning they can forge the address and make the one that is displayed to recipients look like anything they want.

2) It asks for personal information

Target’s emails do not ask for a Social Security Number, phone number, address or any other personal information.

Instead, the retailer provides a link to a website where you can receive an activation code for a free credit monitoring service. After going to that website, creditmonitoring.target.com, and providing your email address, you will be sent another email where “activation code” is mentioned in the subject. You are then asked to follow another link within that email where you can finally sign up for the credit monitoring service.

But even if you’re pretty sure the email is from Target, it’s always safer to type a website address into your browser rather than clicking on the link in the email, says Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research.

“Live links in an email can be used to deliver malware that can compromise a consumer’s device,” he said. “The malware could then be used to steal login credentials for banking websites or payment information.”

3) It asks for money

Since the credit monitoring service Target is offering is free, you should not be asked to provide your credit card information or make a payment at any time. If the email asks for money or leads you to a website that does, don’t be fooled.

4) Grammar and spelling mistakes

If the email you receive is riddled with grammatical errors and misspelled words, that should be an obvious red flag. The actual emails Target has sent to customers can be found here, so make sure to cross-check the text of the email you received with Target’s website.

5) There’s a sense of urgency

A common tactic scammers use is to stress a sense of urgency — saying that if you don’t respond to this email immediately, the offer will end.

“They don’t want you to think about it, they want you to respond quickly,” said Pascual.

The real emails sent from Target say that consumers have until April 30 to redeem their activation codes.

CNN contributed to this report