Fake Target.com Order-Confirmation Phishing Email
Criminals send fake Target purchase-confirmation emails referencing large electronics or gift-card orders, then direct alarmed recipients to a phishing page to 'cancel' and harvest credentials.
Part of: Fake Order Confirmation Phishing Scams
Last reviewed: 7 June 2026
Target.com's growing electronics and marketplace business makes it a plausible vehicle for fake order-confirmation attacks. Scammers craft emails that mimic Target's signature red-and-white branding and claim a significant purchase has been made on the victim's Target account.
Like Amazon and Walmart variants, these messages bank on immediate emotional reaction: the victim does not recall the purchase, fears their account has been compromised, and clicks the provided link to cancel before thinking to check their account directly. The link leads to a fake Target sign-in page.
Target's real confirmation emails come from @target.com, reference your full Target Circle or guest account name, include the delivery address on file, and every order is verifiable inside Your Target Account. Scam emails fail at least one of these checks.
How this scam works on the Target brand
Fake Target order emails most often describe a television, laptop, gaming console, or a bulk gift-card purchase, with a total cost high enough to alarm. The email references a plausible-looking order number and a delivery address that may be vague or completely absent.
The 'Cancel Order' button links to a spoofed Target sign-in page hosted on a domain like target-support.com or mytargetorders.net. Entering credentials on that page hands them directly to the attacker, who can then log into the real Target.com, change the password, and use saved payment methods.
Some variants also ask the victim to call a listed phone number. The 'Target agent' on the line will claim the account has been compromised and request remote access to the victim's computer to 'secure' it, after which banking applications are accessed and funds transferred.
Common red flags
- Sender domain is not @target.com
- No delivery address or a fabricated address in the email body
- The 'Cancel Order' link leads to a domain that is not target.com
- A phone number is provided for cancellation — Target's cancellation is handled online
- Logging into Target.com directly shows no such order
- Request for remote access to your computer from someone claiming to be Target support
How to protect yourself
- Go directly to Target.com and check Orders in your account — if it is not listed there, the email is fake
- Use two-step verification on your Target account under Account > Settings
- If you already clicked the link and entered your password, change your Target password immediately and check your saved payment methods
- Never grant remote access to your computer to someone who calls claiming to be a retailer resolving a fraudulent order
How to report it
- Forward phishing emails to [email protected]
- Report to the FTC at reportfraud.ftc.gov or your national cybercrime authority
- If your account was compromised, contact Target Guest Relations immediately at Target.com/help
Frequently asked questions
How do I verify a Target order email is real?
Sign in at Target.com directly and check your order history. Real Target emails come from @target.com and reference your account name and registered delivery address.
What if I already entered my Target password on the fake page?
Change your Target password immediately, then check your saved payment methods and recent orders for any unauthorised activity. Enable two-step verification to prevent further access.