Beware – the Equifax Scams Are Coming

Here are some of the scams – and how to protect yourself.

OK, this had to happen. It’s not a surprise. It’s just a fact of life. We live in a world of scammers, and when there is a crisis, for them, there’s opportunity. There are scams and frauds to take advantage of any crisis, its victims, and people trying to do the right thing. The Equifax hack is no exception. And the scams have already started.

“Don’t panic. But be vigilant,” suggests Susan Grant, director of consumer protection and privacy at the Consumer Federation of America. “With this breach, criminals have everything they need to victimize you.”

I normally don’t post articles about consumer scams. But the Equifax hack has made 143 million Americans more vulnerable. So here are some of the scams you might encounter … and how to deal with them.

Equifax isn’t calling. Someone else is.

“This is Equifax calling to verify your account information.” When you hear this on the phone, hang up, says Lisa Weintraub Schifferle, Attorney at the Federal Trade Commission.

“Don’t tell them anything,” she says. “They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.”

“Other calls might try to trick you into giving your personal information,” she says and offers these tips for recognizing and preventing phone scams and imposter scams:

  1. Don’t give personal or financial information unless “you’ve initiated the call and it’s to a phone number you know is correct.”
  2. Don’t trust caller ID. Scammers spoof numbers all the time.
  3. Hang up on robocalls. Don’t press any key to speak to an operator. This will only trigger more robocalls.

Too late? You already gave out your info to a scammer? Immediately change passwords, account numbers if you can, and security questions. And check your accounts for strange stuff.

Fake news articles linking to fake Equifax websites.

“Immediately after the announcement of the data breach, articles began circulating that contained a link that lets you find out if your data was stolen,” according to a report by the Identity Theft Resource Center (ITRC). But the links lead to pages that are a phishing scam trying to collect your personal information.

In my articles on the Equifax hack, I verified every link to make sure it went to where it was supposed to go, including the link to Equifax where you can find out if your data was stolen, but you don’t need to “enroll” in anything despite the encouragement do so (used it myself).

But the ITRC warns that “it takes no work at all for scammers to create their own link, request your information for ‘verification’ purposes, and then steal your data.”

So before clicking on the link, hover over it with the mouse to display the URL and make sure it leads to the company’s website you’re trying to visit. Once on that page, and before entering any data, check the URL in the address bar in your browser to make sure it actually belongs to the company you want to reach.

Emailed phishing attacks have arrived.

The ITRC warns, “There are already scam emails in circulation that suggest you check your credit report by using their handy link.” This link will lead to a site where you’re asked to enter your most sensitive data, including Social Security number. Don’t go there. Delete the email.

And by the way, if you see an online ad to that effect, don’t click on it.

Instead, to get your free credit report, go to the FTC website. It shows you where and how to get your free credit report. You have a right to one free copy per 12-month period; you can get more, but you have to pay.

Be vigilant, but don’t panic.

The ITRC recommends: “Because genuine information was stolen, be extra diligent about monitoring your account statements, looking for unauthorized charges, tracking and reporting any suspicious activity, and keeping a close eye on your credit reports.”

“If you do experience any strange activity on your accounts, report it immediately, no matter how minor it might seem at first.”

And for crying out loud, never provide any data when asked in an emailed warning or alert to do so for “verification purposes.” For example, if your bank is Citibank, and you get an emailed warning from “Citibank” asking you to click here and provide your account number, etc., for “verification purposes,” delete the email. Then go to the Citibank website, log into your account, and if there is an alert, you will see it. Or call the Citibank number you’ve been using for years and find out.

We’re going to get swamped with this crap. The Equifax hack and the justified worries and fears resulting from it are a great opportunity for scammers to make a buck at consumers’ expense. There is no reason to panic. But we do need to be vigilant — more than ever before.

Carson Block – the short-seller who peeled back the layers covering up Valeant’s murky business schemes and crushed its shares and made a ton of money, was one of the 143 million Americans whose data was stolen in the Equifax hack. And he sued Equifax. Read…   Lawsuits Against Equifax Pile Up. But Where Are the Handcuffs?

Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.



  46 comments for “Beware – the Equifax Scams Are Coming

  1. John says:

    So why isn’t scamming punishable by law enforcement? Is it because they’re too busy chasing speeders on the highways? I guess I have never heard of any scam artists ending up in jail or even a court, but I have seen plenty of vehicles pulled over, and its easy to see one or two law enforcement vehicles on the road for every 50 miles or so driven.

    • Logan D'Alessandro says:

      The scammers are often in other countries where our law enforcement have no jurisdiction. When my mother developed dementia and before I successfully sued her for guardianship over her she was scammed for over $100,000. She was about to mortgage her house to give up more money. Police couldn’t do anything (I never expected anything to come from the investigation).

      • nick kelly says:

        In France there is a law which, forgive my French, is roughly ‘abuse de faiblesse’ meaning ‘abuse of the feeble’
        It covers the many situations where a care giver etc. ends up ‘inheriting’ the estate
        This happened to a friend of mine in BC. The ICBC appointed nurse ended up with the estate.
        In France, this would be reversible and indictable, punishable by up to two years in jail.

        • Bill says:

          It’s happening in many countries. In Japan, it’s called “ore ore sagi.” The word “ore” means “it’s me,” and “sagi” means “fraud.” Basically, some guy calls an older person suffering dementia or who is generally frail and says “Hey mom, it’s me! Can you send me 10,000 bucks?” I translate legal Japanese docs for a living and see this come up a lot. Unfortunately, the swindlers usually get away with it. Rotten scum.

          BTW, Wolf, it would be great to meet you in Tokyo if our schedules ever overlap. Know you are super busy, though.

        • Wolf Richter says:

          We now live in San Francisco. My wife goes back to Tokyo a lot. I don’t have that much time anymore. So for me, it’s only about once every two years or so, unfortunately.

      • TJ Martin says:

        You’re partially correct . But the real problem stems … errr … apologies Wolf .. but … from the year 2000 and the administration in charge when after placing a family member as head of the FCC phone and internet scamming became a free for all with the regulations put in place as well as massive deregulation making the likes of you and I even more of a commodity than we already were as well as placing a target on our backs with open season announced to one and all . Which is to say .. even when said scammers are US based as they often are … and even if you can catch them what with their spoofed phone numbers / emails not to mention VPN’s robodialers and now robocallers which like Siri respond to you with scripted answers with a real person coming on only when you go off script ..

        The laws as they stand .. unlike the entire EU and UK … are helpless to do anything about them with the current laws in the US strictly favoring the scammer/caller … not you and I

        And the sad fact is .. scamming is very profitable .. not to mention us ( US ) being historically vulnerable to every form of Snake Oil , Cult and Scam imaginable .. even if they score on only one of a thousand attempts made .

        So raise hell with your congressman and senators .. to finally place our privacy over and above the profits of the phone/internet world . Yeah … like that’ll ever happen

    • chip javert says:

      John

      Are you just clueless or what?

      35-40 thousand die in traffic accidents each year in the USA (1.25 million per year through the world). Two contributing factors: speeding & alcohol (or other substances).

      • J says:

        Speeding? Tell that to the autobon.

        Slow drivers cause way more problems

        • walter map says:

          You’re trying to argue that it is responsible drivers who are at fault, and not irresponsible drivers.

          Up is down, black is white, night is day, right?

        • TJ Martin says:

          Bad drivers are the problem here not slow or fast ones . Simply stated in the UK and EU driving is considered a ‘ privilege ‘ and acquiring that privilege requires a lot of , money , hard work , learning and testing taking three months or more to complete where as driving in the US is considered to be a right with minimal testing almost zero work and very little money to complete and almost any damn fool can pass .

          To put it in perspective .. R&T magazine has several times over the decades shown than 70% of all US drivers would fail the EU/UK driving examines at least once … with at least 50% of that 70% never passing

          e.g. As with so many things in our delusions of American Exceptionalism …. in reality we’re still a bunch of back___wards country bumpkin idiots in comparison to many other countries

      • John says:

        Clueless you say? Do tell me what cost to families and marriages financial crimes amount to?

        • JR says:

          In case you haven’t watched “The Big Short” or read the book – basically financial crimes aren’t prosecuted. In fact they are rewarded. Google “government by goldman intercept” for an article that gives the backstory to the Goldman White House. Good luck to you and stay frosty!

        • walter map says:

          It’s just business John. Don’t take it personally.

      • Mugsy says:

        No chip you are clueless..there are laws against speeding and DUI….John didn’t say don’t enforce them….he did imply however the police abuse those laws treating them as profit centers for new police cars and equipment rather than focusing on public safety ,which if you ever get stopped in whiskey breath South Dakota going 35 in a 20 mph zone that appeared out of nowhere you would appreciate….also if you are so concerned about people dying in cars why not ban cars and have everyone drive tanks …AND then pass some internet scam laws along with them.

    • walter map says:

      “So why isn’t scamming punishable by law enforcement?”

      Apparently they’re reliable campaign contributors.

      • TJ Martin says:

        See my above comment for a more complete and accurate answer

      • joanrn says:

        walter, thats a good one. What’s the best insurance against identity theft? BAD credit.

        I have had my accounts frozen since I became a victim of identity theft. Does anyone know if those accounts previously frozen had their information stolen as well?

        • Given the number of large hacks, the incentives against full disclosure, and the potential for undetected hacking as well… I’d argue that everyone has to assume that all the information these organizations have collected on us has been released into the wild, or will be soon enough.

          But that doesn’t mean that the right answer is to “Credit Freeze”, when to achieve that freeze you have to (a) validate the data they think they have on you and (b) give out even MORE information that is now vulnerable to hacking. Give more data to organizations which have earned your distrust? I don’t think so.

          I read, but can’t personally confirm, that anyone with the info from Equifax could use that info to unfreeze your credit via Experian, and so on. So “credit freeze” might not be worth much anyway.

          Instead, everyone’s credit should be frozen by default from now on. The barriers to obtaining new credit should be much higher. A lot of legal cases will now involve someone evading loan payments by arguing that they were hacked and someone else took out the loan… So only someone appearing in person with full credentials should be eligible to get a loan, and “lender beware” to anyone lending money on less evidence! Given the potential for fraud even so, we also need to replace SSNs or adjust to the idea that two individuals might claim the same SSN… The repercussions of internet hacking are going to last for years!

        • joanRN says:

          i completely agree. we need a member of congress to get a bill introduced that includes those customer protections, as well as the court actions. too much hacking is occurring to continue to ignore.

  2. Marko says:

    Link doesnt work for Canadians

  3. ML says:

    Another possibilty before deleting is to forward any emails you are suspicious of to the company from which the email purports to come and let the company deal with it.

    I have done this on numerous occasions. The reputable businesses acknowledge.

  4. raxadian says:

    Why we still use e-mail instead of something safer? Is been decades guys.

  5. doug says:

    OK thanks Wolf. I checked myself out at the link you provided and yes, I probably have had some info stolen.

    They then wanted me to go to some link of theirs, which I did not do. Should I follow that link? Or are they trying to sign me up for something?
    Anyone know? Thanks.

  6. James says:

    If you get a robocall, you can always patch ’em through to Lenny
    https://www.reddit.com/r/itslenny/comments/4gjtd1/whats_your_goto_method_for_transferring_calls_to/

    You’ll need to acquire permission from the owner of the phone line, 1-347-514-7296, for your number to access the Asterisk server where Lenny’s located, but the good thing is: If the robocaller’s bogged down by Lenny, they won’t be able to scam anyone else at the time of their call.

  7. Miss Lacy says:

    I’m posting this comment a.) to inquire whether or not others have had the same problem; (from what I read on other sites, the answer is YES) and b.) to hopefully create a buzz to pressure Transunion to quit the game playing.

    Since the equifax announcement I have spent many hours trying to put on credit freezes. Experian was simple and good for them. Equifax was impossible for days, but I finally got it done. Transition has been horrible. The entire show of “don’t recognize;” “can’t process;” to an interesting ploy: “you already have an account. enter your password.” After many hours on hold over many days, I reached a woman who told me I need to request a credit report so she can verify me by asking questions. ???!!!!
    The point, as nearly as I can tell, is to steer victims into buying the transunion package, for a fee, rather than simply putting on the freeze.
    Comments and suggestions appreciated.

    • Mary says:

      I had problems with Transunion’s confusing and deceptive site. Instead of giving a straightforward way to freeze your credit, you are offered all sorts of bogus “choices”. You are forced to “register” for an account. I got about half way through that process when I came to a page that asked a bunch of questions designed to verify my identity. The questions were based on out of date (17 years!) information. When I answered the question truthfully rather than giving the answer that was expected, the whole process froze. (When my partner went through the same set of questions, she agreed to the incorrect information and sailed right through.)

      I was then given a phone number that simply does not work. A commenter on Wolfstreet had managed to obtain a working number–866-744-8221. I was on hold for about 10 minutes, but after that managed to complete a credit freeze. By the way, the phone operator did say that my “primary” mailing address according to Transunion was a house we had sold 17 years ago.

  8. Frederick says:

    There have always been lowlife scum that prey on the elderly I was a 20 year old contractor and went to look at a roof on an elderly ladies huge old house in Queens NYC She told me she had paid some nice young men 800 dollars for a chimney repair a month earlier I went up to look and saw their so-called repair which was a total joke I replaced her entire roof for 1200 dollars and that was a lot of money in 1972 The saddest thing is that she was a lovely person who made me lunch and coffee and cake for a break

  9. Sk says:

    My experience so far have been similar to Miss Lacy (“don’t recognize;” “can’t process;” etc) … Have not been able to place fraud alert or credit freeze online and even after waiting on phone for hour. Even if you mail request to their PO BOX, I doubt anyone can process heaps of possibly millions of envelopes for years even if credit companies sincerely want to do it, which I doubt they do.

    • Salemone says:

      I finally got credit frozen at all three places this morning at 6 a.m., PDT. I have no idea how or why the calls finally went through. I would call and it wouldn’t even ring, but I kept trying. Equifax and Trans I did on the phone. Experian I did online, (as their phone would not go through) and it actually worked.

      All I can say, is just keep trying. And Good Luck.

  10. c smith says:

    Here’s another scammer: This firm says title to your HOME could be stolen by hackers. Seems a stretch. They’re offering to “protect” you for just $9.99 PER MONTH!
    https://www.hometitlelock.com/

  11. Jim Graham says:

    While on my way home a little bit ago I heard a ad on the radio from Experian touting their “dark web test” that they will run for you..

    How much does that cost??

  12. Gershon says:

    Remember when we had vigilant, conscientious regulators and enforcers and elected officials looking out for the public interest and coming down hard on corporate malefactors?

    Neither do I.

    http://www.businessinsider.com/report-equifax-directed-concerned-consumers-to-a-spoof-site-2017-9

  13. Winston says:

    21 SEP 17
    Experian Site Can Give Anyone Your Credit Freeze PIN

    https://krebsonsecurity.com/2017/09/experian-site-can-give-anyone-your-credit-freeze-pin/

    “An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.

    “The first hurdle for instantly revealing anyone’s freeze PIN is to provide the person’s name, address, date of birth and Social Security number (all data that has been jeopardized in breaches 100 times over — including in the recent Equifax breach — and that is broadly for sale in the cybercrime underground).

    “After that, one just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. I’m certain this warning would deter all but the bravest of identity thieves!

    “The final authorization check is that Experian asks you to answer four so-called “knowledge-based authentication” or KBA questions. As I have noted in countless stories published here previously, the problem with relying on KBA questions to authenticate consumers online is that so much of the information needed to successfully guess the answers to those multiple-choice questions is now indexed or exposed by search engines, social networks and third-party services online — both criminal and commercial.

    “What’s more, many of the companies that provide and resell these types of KBA challenge/response questions have been hacked in the past by criminals that run their own identity theft services.

    “Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI).

  14. Gershon says:

    400 college professors don’t seem to realize Congress has been bought and paid for by the corporations and the oligarchs who own them.

    http://www.marketwatch.com/story/400-college-professors-say-consumers-should-be-able-to-sue-equifax-and-other-financial-institutions-2017-09-25

  15. Gershon says:

    Equifax CEO “suddenly retires.” If we were a nation of laws, he’d be headed for a federal “pound me in the ass” prison along with the rest of his company officers.

    https://www.cnbc.com/2017/09/26/equifax-ceo-retires-following-an-epic-data-breach-affecting-143-million-people.html

  16. Zella says:

    Freezing your credit does not protect you from the millions of companies that don’t check credit. Sprint doesn’t check credit, they just us SSN’s to OPEN credit, that’s it! People wake up!!!

  17. Zella says:

    Come on, Wolf, on every article about this devastating hack you need to reveal that when you sign up for one free year of their protection racket, you lose the right to sue them. They need to be sued out of business! People, don’t give up so easily! If their corporate structure won’t punish the perpetrators, your wallet and actions can. They need to go out of business! No more profiting from our data. They sold it to the highest bidder anyway, no way was this a mistake!

    • Wolf Richter says:

      You do NOT sign away your rights to sue when you check your status at Equifax or when you put a credit freeze on your data at Equifax.

      Those are the only two things I recommended.

  18. Bandit says:

    The “Am I Impacted” link does not work. No big surprise. I pressed it several times. On the right of the page is another “Am I Impacted” button, but it just brings you to an ERROR page. Good luck with that.

  19. michael savoca says:

    There is a simple solution (not perfect) to this mess. No credit is granted by any credit card company, bank, mortgage originator etc unless a real live person, asking for the credit is present before a loan officer, bank officer, teller etc and gives up some bio identification information such as a legal photograph (like a drivers license picture) or if you wanted more security, a finger print. Some people will say, hey i don’t want that level of “intrusion” into my personal information… a picture and or a finger print. Fine, let them live within the current system, but as for me…i want a higher level of security and an end to the granting of “on-line” credit.

Comments are closed.