After the Equifax Breach, Watch Out for Phishing Scams

After the Equifax Breach, Watch Out for Phishing Scams article image.

If the Equifax data breach wasn't bad enough, it could expose you to risks that have nothing to do with the breach itself, or the culprits behind it. Other criminals are eager to exploit valid concerns over identity theft, and to use them as leverage for stealing personal information.

The Federal Trade Commission warns that consumers have received bogus phone calls from scammers claiming to be from Equifax. Any day now, you can expect breach-specific variations on perennial phishing scams to land in your email inbox or to show up in your text messages. They'll promise to help you protect your personal data, then try to trick you into giving it up.

These ploys may have a higher chance of success than ordinary phishing schemes for several reasons:

  • They're timely. Unlike a Nigerian prince's random plea for cash, these messages arrive at a time when we're hungry for answers, and even expecting useful information in our inboxes. (For some of that useful information, see: Data Breach: Five Things to Do After Your Information Has Been Stolen)
  • They're in good company. You'll be receiving plenty of legitimate messages about the data breach, offering genuinely helpful advice. That ironically makes the bogus messages less conspicuous.
  • They appear to come from trusted sources. Phishing scammers are great mimics and fairly good psychologists. They know the kinds of resources people turn to for advice about personal finances, so that's what they'll likely pretend to be—with messages that contain the logos, letterhead, and maybe even the same fonts used by those sources. Financial institutions, news outlets, government agencies, and popular national organizations are all candidates. Some bogus communications will likely try to look as if they come from Equifax as well.
  • Credit monitoring does require personal information. Legitimate companies that track financial activity made in your name do in fact need detailed information about you, including your Social Security number. Those services can do you a lot of good, but make sure they're who they claim to be before giving up your information.

Guidance found here on avoiding phishing scams is all relevant, but these are a few top-line reminders about avoiding criminal attempts to benefit from the Equifax hack:

  • Never fill out and submit forms that appear in the bodies of email messages. Email forms are fine for surveys and quizzes, but they're not secure. Legit organizations will direct you to a secure website to collect any data they need.
  • Triple-check the address of any website requesting personal information. Pull up the organization's real website and compare the text that appears before the first "slash" (/) in its address. Look for slight anomalies such as .co instead of .com, "typos" or extra "dots" in the main name, etc. Also make sure the address begins with https://; the "s" indicates it's encrypting your data.
  • Beware of requests for information the sender should already have. Your bank already knows your account number, the IRS knows your Social Security number, etc. Sometimes legitimate organizations ask for partial numbers to ensure you're who you say you are—but be careful: Giving even that to a thief can help them pose as you.

If you're concerned whether a message is genuine, forward it for verification to a trusted contact, such as a customer-service rep at the organization that claims to have sent it. It never hurts to ask. And if you've receive a call or email you think is a scam, report it to the FTC.

The purpose of this question submission tool is to provide general education on credit reporting. The Ask Experian team cannot respond to each question individually. However, if your question is of interest to a wide audience of consumers, the Experian team may include it in a future post and may also share responses in its social media outreach. If you have a question, others likely have the same question, too. By sharing your questions and our answers, we can help others as well.

Personal credit report disputes cannot be submitted through Ask Experian. To dispute information in your personal credit report, simply follow the instructions provided with it. Your personal credit report includes appropriate contact information including a website address, toll-free telephone number and mailing address.

To submit a dispute online visit Experian's Dispute Center. If you have a current copy of your personal credit report, simply enter the report number where indicated, and follow the instructions provided. If you do not have a current personal report, Experian will provide a free copy when you submit the information requested. Additionally, you may obtain a free copy of your report once a week through December 31, 2022 at AnnualCreditReport.