Target is sending out millions of emails to customers who had their personal information stolen in the recent security breach, and scammers are coming out of the woodwork.
The emails offer customers free credit monitoring services for a year. But it's not always easy to tell whether the email landing in your inbox is legit.
Here are five signs the email you've received isn't really from Target:
1) The email address doesn't match
Target's emails are being sent from TargetNews@target.bfi0.com. So if the email you receive comes from a different email address, that's your first indication that it's a scam.
But even if the email address does match the one Target is using, you're not completely safe. Scammers can easily "spoof" addresses -- meaning they can forge the address and make the one that is displayed to recipients look like anything they want.
2) It asks for personal information
Target's emails do not ask for a Social Security Number, phone number, address or any other personal information.
Instead, the retailer provides a link to a website where you can receive an activation code for a free credit monitoring service. After going to that website, creditmonitoring.target.com, and providing your email address, you will be sent another email where "activation code" is mentioned in the subject. You are then asked to follow another link within that email where you can finally sign up for the credit monitoring service.
But even if you're pretty sure the email is from Target, it's always safer to type a website address into your browser rather than clicking on the link in the email, says Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research.
"Live links in an email can be used to deliver malware that can compromise a consumer's device," he said. "The malware could then be used to steal login credentials for banking websites or payment information."
3) It asks for money
Since the credit monitoring service Target is offering is free, you should not be asked to provide your credit card information or make a payment at any time. If the email asks for money or leads you to a website that does, don't be fooled.
4) Grammar and spelling mistakes
If the email you receive is riddled with grammatical errors and misspelled words, that should be an obvious red flag. The actual emails Target has sent to customers can be found here, so make sure to cross-check the text of the email you received with Target's website.
5) There's a sense of urgency
A common tactic scammers use is to stress a sense of urgency -- saying that if you don't respond to this email immediately, the offer will end.
"They don't want you to think about it, they want you to respond quickly," said Pascual.
The real emails sent from Target say that consumers have until April 30 to redeem their activation codes.