Equifax Phishing Scams Offer Victims Compensation But Steal Bank Credentials

Equifax phishing scams have been detected that attempt to take advantage of individuals who were affected by the 143-million-record data breach and want to make a claim to recover their out-of-pocket expenses.

Several lawsuits have been filed against Equifax over the breach. One of those lawsuits, filed by the Federal Trade Commission, has recently been settled for $700 million. That figure includes a fund of $425 million to cover claims from victims of the breach.

Anyone who was affected by the breach is entitled to submit a claim, and with so many people affected, scammers have a more than reasonable chance of landing an email in the inbox of someone whose data was exposed. More than half the population of the United States had their information exposed.

In order to make a claim, victims of the breach must visit a website set up by Equifax where claims can be processed. The name of the correct domain reflects its purpose – equifaxbreachsettlement.com – which does have a hint of phishiness about it.

Cybercriminals have set up a plethora of fake sites that closely resemble the genuine website, with similarly phishy but realistic names. Those sites also allow victims of the breach to submit a claim.

When submitting a claim on the genuine website, the claimant must enter their contact information and make their claim. They can choose to have the payment sent on a pre-paid card or by check in the mail. At no point must a Social Security number, bank account information, or credit card information be entered.

Large-scale spam campaigns are being conducted inviting victims of the breach to submit their claim and receive their share of the settlement amount. Hyperlinks are embedded in the messages which link to fake Equifax claim webpages.

After landing on these phishing webpages, users are guided through making a claim. Contact information is requested along with other sensitive information to confirm identity. Bank account information is also requested to process direct deposit refunds.

After entering all that information, the claim is submitted, and the user is likely to be unaware that their sensitive information has been stolen.

Any email received in relation to the Equifax data breach settlement should be treated as potentially suspicious. Anyone wanting to make a claim should visit equifaxbreachsettlement.com.
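For mail administrators, the advice above can be turned into a link check on inbound messages. The following is an added example, not code from the original article: it extracts the hyperlinks from an HTML email body and flags Equifax-themed links whose real target is not the claims domain. The function names, the https and subdomain rules, and the `.example` hosts in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

GENUINE = "equifaxbreachsettlement.com"  # claims domain named in the article
class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:  # urlsplit raises ValueError on malformed authorities
        return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def is_genuine(url):
    # Assumption: only https links to the domain or its subdomains count.
    host, u = host_of(url), url.strip().lower()
    return u.startswith("https://") and (host == GENUINE or host.endswith("." + GENUINE))

def audit_email(html_body):
    """Flag Equifax-themed links that do not lead to the claims site."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        if is_genuine(href):
            continue
        if GENUINE in text.lower():
            findings.append((href, "text shows genuine domain, target differs"))
        elif "equifax" in host_of(href) or "equifax" in text.lower():
            findings.append((href, "Equifax-themed link to another host"))
    return findings
# Constructed sample; the .example hosts are invented placeholders.
SAMPLE = """<a href="https://www.equifaxbreachsettlement.com/">official site</a>
<a href="http://equifaxbreachsettlement.com.claims.example/file">equifaxbreachsettlement.com</a>
<a href="https://equifax-settlement-claims.example/">Get your Equifax payment</a>
<a href="https://news.example/story">Unrelated news</a>"""
```

The comparison is made on the parsed hostname rather than on the raw URL string, so a host that merely begins with or contains the genuine name is still flagged.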