Equifax tweets sent victims to phishing site
Consumers were misdirected to a phishing website by Equifax itself (you can’t make this stuff up), according to various published reports. Over the last couple of weeks, tweets from the official Equifax account and signed by “Tim” directed a handful of Twitter users to a fake site instead of to the official Equifax site set up specifically to help concerned consumers, Equifaxsecurity2017.com.
The fake site used an address similar to the valid Equifax site. Instead of offering help, the site mocks Equifax for “using a domain that’s so easily impersonated by phishing sites.” Equifax has since deleted the tweets.
“All posts using the wrong link have been taken down,” a company spokesperson said. “We apologize for the confusion.”
Equifax has said that the personal information of 143 million consumers was potentially compromised in the cyberattack revealed by the company Sept. 7.
Equifax data breach and credit freeze: Beware these 3 scams
Consumers must be doubly vigilant following news of the massive mishap, experts warn. Even if you were wise enough to put an immediate fraud alert or credit freeze on your credit files, con artists are likely to go into hyperdrive finding new ways to take advantage of the hack and the publicity surrounding it.
“Don’t panic. But be vigilant,” said Susan Grant, director of consumer protection and privacy at the Consumer Federation of America. “With this breach, criminals have everything they need to victimize you.”
Here are three cons that experts believe will become prevalent in the aftermath of the Equifax (EFX) data breach.
Impostor scams (even after you’ve initiated a credit freeze)
The Federal Trade Commission warned Thursday that it expected a new wave of imposter scams, with con artists posing as representatives of Equifax “calling to verify your account information.” Given that Equifax is providing free credit monitoring and credit freezes in wake of its data breach, the call may sound legitimate, the agency warned. But don’t ever provide any privy information over the phone.
The purpose of this con is to get you to provide private information — including some of the information that was leaked in the breach — to a caller or via email. Even if your information was leaked, not all fraudsters are likely to have access to it.
Providing information to a new con artist over the phone simply increases the chance that you’ll be victimized. Of course, if your data wasn’t part of the Equifax attack, giving it out over the phone gives you a chance to join your friends and neighbors in having your data exposed on the dark web.
Information about the Equifax breach, including a simple tool to tell you whether the company believes your data was accessed in the breach, can be found on the company’s web site. Even if this tool indicates your data was spared, you can sign up for free credit monitoring for a year and Equifax will also waive any costs entailed in freezing your credit report, if you act within the next two months.
Tax identity theft that could rob you of your IRS refund
The Internal Revenue Service has been fighting tax identity theft for years. These scams involve criminals getting victims’ names, addresses and Social Security numbers to file fraudulent tax refund claims. The agency cites data breaches as one of the main ways that con artists get the relevant information to pull off tax identity theft.
Victims often get the first inkling of a problem when they file their annual tax returns and the IRS notifies them that another return has already been filed and their refund has been claimed. While the agency has a task force dedicated to these cons, they are complex and difficult to solve, often taking more than four months to investigate, according to the agency.
If your information was compromised in the data breach, make a point of filing your annual tax return promptly. And take immediate action if you are informed that more than one return was filed in your name; that you owe additional tax; or that IRS records indicate that you earned more than the amount of wage you reported.
What action should you take? File a police report and a fraud report with the FTC Identity Theft Hotline (877-438-4338). Also, complete IRS form 14039, the Identity Theft Affidavit. You may be forced to file your tax returns on paper in the meantime. If you do not get a prompt response from the IRS, call the Identity Protection Specialized Unit at 800-908-4490 for assistance.
Spear-phishing to crack your bank and brokerage accounts
The data made available through the Equifax breach is also likely to spur a wave of so-called “spear-phishing” scams that could put more than your credit at risk. Phishing scams are often unsophisticated email and phone cons aimed at getting you to reveal privy data, such as your Social Security number. Spear-phishing cons are far more sophisticated.
These use your real data — the type of data compromised in the Equifax breach — to mimic legitimate communication from your bank or broker. The email may urge you to click on a link or open a PDF file to check your account or verify a transaction. However, if you click on the link, you could be downloading malicious software on your computer that would allow the crook to hijack your system or record your keystrokes.
The best advice after the Equifax breach is to assume any such communication is suspect. If you get an email from your bank, broker or credit card issuer and believe it’s legitimate, visit the company’s website or call their toll-free number. Do not click on the link.