We have learnt yesterday about a new phishing campaign where fake Target breach notifications were sent by cybercriminals to a growing amount of people. The email tries to get the victims' attention with the title "Alert to Target Shoppers - your identity is at risk" in the subject line. The email contains a link, which takes users who it via a series of redirects to a page with a survey and offering a $1000 shopping voucher Sears/JCPenney/Kohl's/Macy's as an incentive. Among other things, the victims are instructed to answer questions that can be used to create a pretty accurate idea of their shopping activities, which will then be directly tied to their real-world identity, as the victims are then urged to enter their name, address, phone number, email address, date of birth, etc.
To avoid users opening these mails and potentially having their accounts compromised you may want to alert your organization by sending a quick email with the above information. It is always recommended to remind users not to open suspicious mails and to never provide personal information to strangers. We have very good reminders for being vigilant with personal information here.
Also, it is always important to remind users about the importance of good passwords as we offer here.