Cyber Awareness Training: Equifax Security Breach, Phishing Scams & Identity Theft
In the wake of the massive Equifax security breach that was recently exposed, we wanted to take action to educate our clients about the breach and what's happening as a result of it. First, though, as part of this cyber awareness training brief, we want to take some time to review the specifics of what happened. As reported by the New York Times on September 7, 2017:
'Equifax, one of the three major consumer credit reporting agencies, said on [September 7] that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.'
Does the Equifax Security Breach Affect You?
Yes, unfortunately, the breach very likely affects you, and we encourage you to take immediate steps to protect your personal and financial data. Equifax is offering free credit monitoring and identity theft insurance for one year, as well as the option to freeze your credit reports for free. We have confirmed that Equifax will not ask for any credit card information in order to enroll you in the service, nor will you be automatically re-enrolled after the complimentary year. You should know, though, that Equifax's service may take several days to begin because the company has been so inundated with enrollments.
Given that many people no longer have faith in Equifax to protect their data, you may choose to look into credit monitoring services from other companies, of which there are many. Regardless of which service you choose, be aware that you must sign up for monitoring before you freeze your credit file, as the act of freezing your report prevents you from putting such monitoring in place.
What Else Can You Do to Protect Yourself?
In addition to educating you regarding the breach itself, the purpose of this cyber awareness training brief is to make you aware of the potential fallout of such a scam. First, know that the personal details that have been left exposed will ultimately be used by cybercriminals to attempt to create fraudulent identities and use these identities to open accounts and apply for loans and credit cards. So, in addition to signing up for credit monitoring, you should check all three credit reports yourself (go to annualcreditreport.com to see them for free). You'll also need to review all your financial statements extra-carefully each month to check for suspicious activity.
If you find fraudulent charges or suspect that someone has used your identity to make fraudulent purchases, contact your financial institution immediately and visit identitytheft.gov to report the theft and learn how to recover from the theft. The federal government's identity theft website also recommends that you try to file your taxes early, before a scammer can.
What You Need to Know About Equifax Phishing Scams
In addition to monitoring your finances, you also need to be extra-vigilant about opening emails and responding to phone calls from unknown numbers right now. That's because within hours of the breach being announced, cybercrooks began capitalizing on the initial crime to attempt crimes of their own. In the days and weeks following a widespread security breach, people become understandably panicked and may be desperate to do whatever they can to protect themselves. The bad guys know this. So, an essential part of any cyber awareness training involves reinforcing to people that they need to stay calm and use common sense when determining how to respond to a breach. First, let's take a look at this warning from Equifax's website:
'Some Equifax customers have reported receiving e-mails appearing to be from Equifax requesting that they provide confidential information such as User ID and Password. Equifax would never send an email asking for this information. These e-mails have not been sent from Equifax and are not legitimate. PLEASE DELETE THE MESSAGES IMMEDIATELY AND DO NOT RESPOND TO THEM. Simply clicking the link in a spoofed e-mail can be dangerous, even if you do not provide the information requested.'
How Can You Avoid Falling Victim to Phishing Scams?
Unfortunately, because the criminals who stole your data now have your Social Security number, they might sound very legitimate, even rattling off your entire Social Security number in an attempt to reassure you that the call is authentic. Don't respond to any phone calls that threaten you with scare tactics, such as those pretending to be from the IRS.
The tough thing about spotting phishing emails is that some companies legitimately use email to sell products and services, and you need to click on embedded links to purchase them. One way to spot a fraudulent email is to check the sender's address. These are usually nonsense email addresses that have no connection to the company they claim to represent. Even if the address appears authentic, you should also check the legitimacy of the embedded links by hovering over them with your mouse (without clicking) and reading the web address that appears there. The embedded links should always direct you to a secure site with an https:// prefix and with the company's official website address following it. (Check out our article on why you should make your website https.)
NEVER click on a link from one of these emails if you're not sure of its legitimacy. If you receive such an email and you're concerned that it's truly legitimate, the best thing to do is call the company--not from the number provided in the email, but using the number found on the company's website or on your financial statement.
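The link check described above can also be run over the HTML body of a message without opening it in a mail client. The following is an added example, not part of the original article: it reads each link's real target and flags links that are not https, do not point at the company's official domain, or display one address while pointing at another. The domain company.example and the sample email are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; company.example stands in for the real company's site.
SAMPLE_EMAIL = """
<a href="https://www.company.example/help">Visit our help page</a>
<a href="http://company.example/enroll">Enroll now</a>
<a href="https://company.example.account-check.test/login">www.company.example</a>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # .hostname ignores any "user@" prefix and port and is lowercased
    return (urlsplit(url).hostname or "").rstrip(".")

def audit_links(html_body, official_domain):
    """Return {href: [problems]} for links that fail the checks."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = {}
    for href, text in collector.links:
        problems, host = [], _host(href)
        if urlsplit(href).scheme.lower() != "https":
            problems.append("not https")
        # Exact match or true subdomain only; official name as a prefix fails
        if host != official_domain and not host.endswith("." + official_domain):
            problems.append("host is not the official domain")
        # If the visible text is itself an address, it must match the target
        if "." in text and " " not in text:
            shown = _host(text if "://" in text else "https://" + text)
            if shown and shown != host:
                problems.append("displayed address differs from real target")
        if problems:
            findings[href] = problems
    return findings
```

Calling `audit_links(SAMPLE_EMAIL, "company.example")` reports the second and third links and passes the first. A link that passes these checks is still best confirmed through the company's own website or phone number.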
What Equifax Phishing Scams Are Circulating Now?
Regarding the Equifax breach in particular, you should be on the lookout for phishing phone calls or emails from scammers offering to:
- check whether your data is compromised
- provide you with free credit protection
- enroll you in a class-action lawsuit (see below for more on this)
- address a breach or theft that they claim has already occurred
If you suspect a phishing scam, hang up the call or delete the offending email immediately without responding in any way.
Should You Sue Equifax?
As for getting involved in any sort of lawsuit against Equifax, we won't comment since we are not qualified to provide legal advice. However, we will say that we are confident class-action lawsuits are forthcoming, and you can keep apprised of such suits by visiting classaction.com. If you want more information, this article from TechCrunch addresses the legal aspect of the situation much more completely.
We hope that, as a result of this cyber awareness training brief, you feel a little more prepared to deal with the fallout of the Equifax security breach and know how to protect yourself going forward. For more information on steps you should take to protect your Social Security number from being misused, we suggest you read this Consumer Reports article. If you'd like your organization to receive cyber awareness training on the Equifax breach or on any other aspect of cybersecurity, please contact us to set up a comprehensive on-site training at your place of business.