It was recently revealed that cyber-criminals stole more than 143 million credit records, including Social Security numbers, driver’s license numbers and addresses, from Equifax, one of the three major consumer credit reporting agencies.
It might not seem like a cyber hack of this magnitude could get any worse; after all, very private and personal information has been exposed and could cause a financial nightmare for so many people. Unfortunately, a bad situation is about to become a lot worse.
If you found out your information was involved in the Equifax breach and have since taken preventive measures to protect yourself, don’t think you’re necessarily safe now. You’re actually a prime target for another cyber-attack, one in which a hacker will play to your vulnerabilities as the victim and claim to want to help you.
Con artists will use the Equifax hack to take advantage of those with little understanding of the technology and their personal data. Phishing schemes will be on the rise in the wake of the breach. Hackers will call or email claiming to be from Equifax and say they are reaching out to rectify the situation.
Never take their word at face value. Always ask for a reference number or case number and insist on calling the company back at the published toll-free number. If it’s legitimate, the caller won’t have a problem with you doing your due diligence. If the caller tries to keep you on the line and tries to persuade you to work with them instead, it’s most likely a scam.
Typosquatting, or URL hijacks, are common methods of secondary hacks. Emails direct individuals to websites that are counterfeit versions of the actual website. It will look almost identical to the real Equifax website, and the verbiage will be nearly identical. A closer look, however, reveals some subtle differences. Equifax might be spelled Eq1fax, or instead of .com be on the lookout for websites ending in .uk or .au. These websites ultimately direct you to fill out a form asking for all different kinds of personal information. Again, your best bet is to call the company directly.
Maybe you’ve changed all your passwords since the Equifax breach, but be careful who you share that information with. Hackers will be reaching out claiming to be from Equifax and will tell you they want to update your records, including your password, but that they need to confirm your current password first. It’s a scam. If you have a secure online login, a caller should never ask you for your online password. This is a telltale sign that something isn’t right.
Another reason the Equifax breach could impact consumers even more is because it started in mid-July and wasn’t discovered until July 29. Worse, the company didn’t let the public know about it until last week. Theoretically, that’s potentially just under two months that your information was used against you.
If you’ve been impacted by the breach, it’s imperative you keep a very close eye on activity related to your credit cards, bank accounts, mortgage and other loans, Social Security and Medicaid if you receive benefits.
As we continue to recover from this massive breach of personal information, make sure you don’t get caught up and scammed in the aftermath of it all.
The reality is our lives are progressively moving online, and hackers are well aware of where we keep our most precious information.
Like most things in life, the benefits outweigh the risks. The key is taking the proper measure to protect yourself.
Dr. Richard White is an expert in the fields of cybersecurity infrastructure, cybersecurity remediation and cybersecurity program development. He is the author of "Cybercrime: The madness behind the methods" and is the managing director of Oxford Solutions. The opinions are the writer's.