Consumers should be wary of Equifax phishing attacks following massive data breach revealed earlier this month. The 143 million records possibly stolen in the breach will be monetized, which means many will likely be sold to hackers.
Trend Micro has said that a batch of data of this scale could be sold for around $27 million on underground marketplaces and there would be no shortage of people happy to pay for the data. The records include the exact types of information that is sought by identity thieves, phishers, and hackers.
However, it is not necessary to obtain access to the stolen records to conduct scams. Many opportunistic hackers are taking advantage of consumer interest in the breach and are preparing phishing websites to fool the unwary into handing over their sensitive information. Equifax’s response to the breach has also made it more simple for phishers to carry out their attacks.
Equifax has chosen not to advise all breach victims by mail. Only the 209,000 individuals whose credit card numbers were exposed will be receiving a breach notification letter in the post. All the remaining breach victims will have to check the Equifax website to find out if their information was impacted in the breach. With almost 50% of the population affected, and next to no one being directly informed, virtually the entire population of the United States will need to go online to find out if they have been impacted by the breach.
Equifax has created a new domain where information is given to consumers on the steps they can take to secure their accounts and minimize the risk of financial damage. The official website is equifaxsecurity2017.com. Using this website, U.S consumers can get constant updates and enroll in the free credit monitoring services being provided.
To obtain the free credit monitoring services, consumers will be sent to a website with the domain trustedidpremier.com and will need to provide their name and the last six digits of their social security number to begin the process. Hackers have been quick to take advantage and have registered swathes of websites and are using them to phish for sensitive data.