With all the high-profile breaches, pretty much every one of us has received a breach notification email in the recent past. But how many of you could tell if it was legitimate?

Take this email from Target from early in 2014. With all the Target Phishing around at the time, many people questioned the legitimacy of this email. At first glance it looks pretty legitimate.

With all the garbage email we receive, most of us have been diligent that, at a minimum, we check two things:

- links in the email point to where the link says it points, and where the link points looks legitimate,

- sender address, and reply-to address, does not look spoofed

In this case there is only one link in the email, and it points to creditmonitoring.target.com, which is a page in the target.com website. What made people question the legitimacy was the From email address. It was sent from [email protected]. Clearly not a Target domain.
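The two checks above, run over a constructed message shaped like the Target notice, as an added example that is not part of the original diary. `triage`, `base_domain` and `LinkCollector` are hypothetical names, the sender local part is a placeholder, and the last-two-labels domain rule is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def base_domain(host):
    # Assumption: naive "last two labels" rule, no public-suffix list (co.uk etc.).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw, brand_domain):
    # Returns a list of findings; an empty list means both checks passed.
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):          # check 2: sender / reply-to
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and base_domain(addr.rpartition("@")[2]) != brand_domain:
            findings.append(f"{header} domain is not {brand_domain}: {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:           # check 1: link targets
        host = urlparse(href).hostname or ""
        if base_domain(host) != brand_domain:
            findings.append(f"link leaves {brand_domain}: {href}")
        shown = urlparse(text if "//" in text else "//" + text).hostname
        if shown and "." in shown and " " not in text and shown != host:
            findings.append(f"link text shows {shown} but points to {host}")
    return findings
# Constructed sample; the local part of the sender address is a placeholder.
SAMPLE = """From: Target <placeholder@bfi0.com>
Content-Type: text/html

<p>Sign up: <a href="https://creditmonitoring.target.com/">creditmonitoring.target.com</a></p>
"""
```

On the sample, the link check passes and only the From domain is reported, which is the same pattern that made readers question the Target notice.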

It turns out this email is legitimate. bfi0.com is a part of Epsilon Interactive, a marketing service that Target uses for customer marketing.

A: To make sure you continue to receive Target emails in your personal inbox (not bulk or junk folders), please take a moment to add Target.com

This one from Fisher Price also looks, and is, legitimate.

From:

Subject: Important Request from

Reply-To:

To ensure you receive our

In order to improve your Online Store website experience, we have transitioned to a different technology platform. As part of the transition, existing password information has been removed from your account. Before you can login to your account on the new site, you will need to reset your password using the Forgot Password?

Thank you for your immediate attention to this matter and your continued interest in

Please note that this does not affect your password for .com. No changes are needed for your

Questions? Please contact Customer Service at

As far as I know, this email did not have anything to do with a breach, just an upgrading of their website security, but Chris, who sent this to the ISC, indicated that it stank of Phishing. I must admit that something about this email gave me the heebie-jeebies at first, but at second glance this is one of the better ways of getting users to change credentials. There are no links in the email, only a recommendation to use the website's Forgot Password

What

-- Rick Wanner - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
