"Hackers Go 'Phishing' In The Wake Of Target Data Breach"

ROBERT SIEGEL, HOST:

It's ALL THINGS CONSIDERED from NPR News. I'm Robert Siegel.

MELISSA BLOCK, HOST:

And I'm Melissa Block.

There are some fresh developments on the recent Target and Neiman Marcus security breaches. The theft of Target customer data was among the largest ever to hit the retail industry. And now, privacy experts are warning about so-called phishing scams that appear to offer help to those whose information was stolen. NPR's Yuki Noguchi reports.

YUKI NOGUCHI, BYLINE: Last week, Target CEO Gregg Steinhafel sent an email to more than 70 million people who had either their credit card or personal information stolen from Target's databases over the holiday season. In it, he warned customers to guard against possible scams by not responding to any text messages or to any emails requesting personal information. But around the same time, there were look-alike emails going out to some consumers posing as a warning from Target. Some of those emails asked consumers to protect themselves by clicking on a link.

WILLIAM PELGRIN: They look legitimate. They're very realistic. Everyone I could see falling prey to a particular phishing attack if it was well drafted.

NOGUCHI: William Pelgrin is the president and CEO for the Center for Internet Security, a nonprofit that advocates for greater public/private cyber security.

PELGRIN: When you get something like that, again, you're going to react very quickly. And all we suggest is take a breath, think it through. Always contact that organization directly.

NOGUCHI: Target spokeswoman Molly Snyder declined to comment for the record. But she confirmed the retailer has identified and, working with social media companies, taken down a dozen related online phishing scams. Meanwhile, over the weekend, two Mexican citizens were arrested in Texas near the U.S.-Mexico border. They were caught with cloned credit card information which local authorities are saying is related to the Target breach. But federal law enforcement officials say the connection is still unclear. The Secret Service declined comment, citing the ongoing investigation.

Steven Boyer is co-founder of BitSight, a cyber security firm that tracks the kind of malware used to infiltrate Target systems. He says he expects scams resulting from the recent breaches to be especially well-crafted.

STEVEN BOYER: What is particularly interesting about this attack is that because these adversaries were able to gain home address, email, name, they could do something very targeted.

NOGUCHI: A security company called IntelCrawler says it believes it has traced the origin of the malware to a couple of young Russians who put it up for sale in online market places. Dan Clements is IntelCrawler's president.

DAN CLEMENTS: When you have hundreds of IP addresses all pointing to a particular computer or person, it raises the probability of who they are and where they are.

NOGUCHI: One of the young men named by IntelCrawler disputes the charges that he was involved. Clements says his company has passed the information along to law enforcement. Now, based on the latest phishing attacks he's seeing, Clements says attackers are setting their sights on a new and very specific target: Executives at banks. Yuki Noguchi, NPR News, Washington.