Watch for Post Data Breach Scams

It seems like every other day we read about a major hack or security breach that exposes our personal and financial information. But news about the data breach at Equifax, one of the three major credit reporting agencies, was different.

The amount of information stolen was extensive, leaving 145 million Americans vulnerable to identity theft. What makes this breach particularly concerning is the type of data stolen: names, social security numbers, birth dates, addresses and some driver's license numbers. Credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people were also stolen.

Anyone impacted by the breach is now at risk of identity theft and fraud. Your personal information can be used by, or sold to, criminals who can use it to open credit cards, take out loans, make purchases in your name — or even drain your bank accounts.

How To Identify Post-Breach Scams

Even if you were lucky enough not to be one of the hundreds of millions of people affected by the breach, this event still puts you at risk. Scammers are already finding ways to take advantage of the hack and the publicity surrounding it. All consumers, even those who have put an immediate fraud alert or credit freeze on their credit files, must be doubly vigilant.

Keep an eye out for the following:

  • Fake Equifax websites. After the hack, Equifax created a website for consumers, equifaxsecurity2017.com. Several phony websites with very similar web addresses have since been set up in order to deceive consumers. ALWAYS verify a website before using it.
  • Phony calls. You may receive a call from someone claiming to be Equifax and asking to verify your account information. Please note, even if your information was compromised in the breach, Equifax will not call you to confirm it. Just hang up the phone; do not press 1 to remove yourself from the list. If you stay on the line, anything you do from then on can give the scam artists additional information. Also, never trust Caller ID. Scammers can spoof numbers to make it seem as if a trusted caller is on the other end.
  • Phishing emails or texts. These fake emails and texts will appear to be from Equifax or from financial institutions. Scammers will use your real information to attempt to get more from you. The email may urge you to click on a link or open a PDF file to check your account or verify a transaction. By doing so, you could download malicious software or be sent to a fake website where they can record your keystrokes. The best advice is to assume any such communication is suspect. If you get an email that you believe may be legitimate, visit the company's website or call their toll-free number. NEVER click the links in unsolicited emails or text messages.
  • Tax identity theft. The IRS has been fighting tax ID theft for years. It’s possible that these criminals will wait months before striking again with targeted scams about your tax return. They may pretend to be the IRS, an online tax filing service or your financial institution. To avoid a fraudster filing a tax return in your name, file your tax returns next year as early as you can.
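
An added example, not from the original article or from Equifax: one way a mail filter or help desk could automate the "verify a website" advice in the fake-websites item above, by comparing a link's host name with equifaxsecurity2017.com. The function names, the two-typo threshold and the sample links (all on the reserved .example domain) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "equifaxsecurity2017.com"  # the site named in the article
BRAND = TRUSTED.split(".")[0]        # first label: "equifaxsecurity2017"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url: str, max_typos: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the URL's host."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # bare host name: let urlsplit see a netloc
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Only the exact name, or a true subdomain of it, is the real site.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Trusted name pasted in front of another domain, or in the user-info part.
    if TRUSTED in parts.netloc.lower():
        return "lookalike"
    for label in host.split("."):
        squeezed = label.replace("-", "")
        # Hyphenated or slightly misspelled copy of the brand label.
        if squeezed == BRAND or edit_distance(squeezed, BRAND) <= max_typos:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved, non-resolving TLD.
    for link in ["https://www.equifaxsecurity2017.com/",
                 "https://equifaxsecurity2017.com.account-check.example/",
                 "http://equifaxsecurty2017.example/",
                 "http://equifax-security-2017.example/",
                 "https://www.example.org/"]:
        print(f"{classify(link):10} {link}")
```

A "lookalike" result is a reason to block or review the link; an "unrelated" result only means the host does not imitate this one name, not that the site is safe.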

How did this happen?

In a nutshell, the breach came down to a flaw in a piece of web software, Apache Struts. The tool is used by many large businesses and government organizations — Equifax used it to support their online dispute portal where customers go to log issues with their credit reports. The most frustrating part about this breach is that a patch became available months prior, so this whole thing could have been completely avoided.

Patching software at big corporations with many machines does take time. They must first identify the vulnerability, then implement and test the patch to make sure it doesn't break anything before going with the update.

This event should raise some questions for business owners.

1. Do you know and trust your vendors? Do you trust your vendors’ vendors?

2. Who is responsible for patching your critical business applications and your network?

3. Do you know the protocol your vendors follow to prevent this from happening to your business?

At IT Solutions, we take a proactive approach to safeguard our clients’ network and applications. ITSecure is our managed security offering that comes with all of our SharedVision plans. To learn about our multi-tiered approach to security, download our factsheet: 10 Ways ITSecure Protects Your Data. 

© 2018 IT Solutions Consulting, Inc. All rights reserved.