Home Depot is still coming to grips with its massive data breach that exposed information on 56 million customers - click here for the details. However, it's starting to reach out to affected customers, and that's a dangerous time for you.
Scammers love the time just after a data breach because there's plenty of confusion. They can send out fake email claiming to be from the hacked company and plenty of people will click on links and download attachments they shouldn't.
Scammers just tried it with Apple and the iCloud "hack" - here's the fake email I got and how I knew it was fake - and it's happened in the past with other companies.
So, when an email from Home Depot showed up in my inbox, I was understandably cautious. Here's what you need to know if it shows up in your inbox.
Here's what the email looks like.
Subject: Notice to Our Customers from The Home Depot
Dear Valued Customer,
As you may have heard, on September 8, 2014, we confirmed that our payment data systems have been breached, which could potentially impact customers using payment cards at our U.S. and Canadian stores. On September 18, 2014, we confirmed that the malware used in the breach has been eliminated from our U.S. and Canadian stores and that we have completed a major payment security project that provides enhanced encryption of payment data at point of sale throughout our U.S. stores, offering significant new protection for customers. There is no evidence that debit PIN numbers were compromised or that checks were impacted. Additionally, there is no evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
We are offering customers who used a payment card at a Home Depot store in 2014, from April on, 12 months of free identity protection services, including credit monitoring, beginning on September 19, 2014. We apologize for the frustration and anxiety this may cause you and we thank you for your patience during this time.
For more information, please visit our website where you’ll find frequently asked questions, helpful tips, our Important Customer Notice, and information about how to take advantage of the free identity protection services, including credit monitoring. Should you have questions regarding the authenticity of this email or any additional questions over the coming days and weeks, please call 1-800-HOMEDEPOT.
We hope this information is useful and we appreciate your continued support.
The Home Depot
Please do not reply to this email. To contact us call 1-800-HOMEDEPOT, or contact us at The Home Depot, Attn: Privacy Official, 2455 Paces Ferry Road, N.W., Atlanta, GA 30339-4024, USA.
So, what do you think? Is it real or fake?
If you said this email is real, give yourself a pat on the back. If you said it wasn't, that's OK - it's always better to err on the side of caution.
So, how do you know it's real? Well, first of all, it comes from "email.homedepot.com," which is the real Home Depot address.
Second, it's well-written and has the correct logo. Fake email usually has formatting or writing mistakes that no large corporation would make.
The biggest tell, though, is that it doesn't contain any links or email attachments. It just tells you to go to Home Depot's site for more information and gives you Home Depot's customer service number to call.
That's exactly what you should expect from a company sending this kind of email. There's no possibility for scammers to be trying to trick you - unless the phone number is fake, and you can double-check that on Home Depot's site very quickly.
If an email like this does every contain links or an email attachment, then it's more likely to be a scam. You always want to open your browser and visit the company website yourself, or call their customer service line. That way there's no way for scammers to trick you.