Scammers Are Taking Advantage of Equifax Breach Settlement Notices krebsonsecurity.com

Brian Krebs:

The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.

But be aware that phishers and other scammers are likely to take advantage of increased public awareness of the payouts to snooker people. Tim Helming, security evangelist at DomainTools.com, today flagged several new domains that mimic the name of the real Equifax Breach Settlement website and do not appear to be defensively registered by Equifax, including equifaxbreechsettlement[.]com, equifaxbreachsettlementbreach[.]com, and equifaxsettlements[.]co.

So far, those URLs do not contain anything more than parked domain advertising, but it is not difficult to imagine how they could be used — recall how something similar happened earlier in the Equifax breach.

Is there a legal requirement for settlement websites like Equifax’s or the Apple butterfly keyboard suit to be separate from either party’s own hosting? I can imagine why that would be desired, but the use of these generic domains is an opportunity for scammers.

Krebs:

Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.

This is a choice. In addition to 143 million Americans, thousands of Britons and Canadians were also compromised. An investigation by the Office of the Privacy Commissioner of Canada found Equifax retained consumer data beyond Canadian law and its own internal policies — data later stolen. The broker market in Canada is different to that in the U.S. but, so long as the market here is dominated by American firms like Equifax and TransUnion, the lack of a culture of privacy will be a liability.