The Equifax data breach has led us to a predictable development: Warnings that email scam artists are going to exploit the situation.
On Sunday, a financial advisor named Ray Mignone claimed that purported emails from Equifax could be a scam. ““Be wary of any emails you receive which suggest you click on this or that link, he told the New York Post.
And an Equifax spokeswoman urged consumers to be wary of fake websites.
“These scams, are designed to capture personal information [known as phishing], are designed to appear as if they are from Equifax and the emails may link to websites purporting to be operated by Equifax,” she told the Post.
Critics may not be moved by the fact that Equifax, after a breach in which data on millions of consumers was exposed, is now kindly advising them to watch out for email scam artists. But the warning took on a certain life.
“If you receive an email link from Equifax offering to help you survive its massive security breach, DON'T CLICK ON IT,” wrote News4. “It's likely a scam.”
It adds: “Many are going around and new ones just popped up over the weekend. Some financial advisors have frozen their credit card accounts.”
Neither of these reports contained evidence that such scams exist. Then I checked my own inbox, and found an offer that landed over a week ago.
The from line says it is from Credit Score Check.
The subject line: Equifax breach: is your credit compromised?
I opened it and read, “Are You One of the 143 Million Hit by the Equifax Breach?”
It invites the recipient to click through and “GET ALL 3 SCORES AND REPORTS NOW!”
Your FreeCreditClick Team
Now this could be legit, but it clearly wasn’t from Equifax. I’m going to do a Malware scan of my computer to make sure I didn’t pick up a virus just by opening it. And I’m not going to click through “to get all three scores.”
Last week, the Consumer Federation of America alerted consumers about three possible scams that could follow the Equifax breach:
Meanwhile, the accusations and revelations keep rolling in.
The New York Times reported on Sunday that, as part of its pitch to clients, Equifax “promised to safeguard information. It even sold products to help companies hit by cyber-attacks to protect their customers.”
At the same time, the firm under Richard E. Smith was releasing “dozen of new products each year and doubling revenue” the Times continued. “The company build algorithms and started scrubbing social media to assess consumers.”
For example, Smith described a new system that searched four billion public tweets for keywords like “car” and “automotive” lease.” It paired the tweets with a person’s Equifax credit file. In real time, the credit bureaus could identify potential buyers and provide its customer, a company selling car leases, with everything it wanted to know about those people.”
Consumers generally cannot opt out of being put in credit reports — if there is a way, it also means they are opting out of the financial system.
But they should be able to opt out of credit data that is put to marketing use.
Years ago, before the rise of digital marketing, the credit bureaus offered aggregated mailing lists based on credit reports. This led to a backlash, and the bureaus backed off, one after rounds of litigation.
Granted, some of the biggest critics were mailing list providers who saw these products as a competitive threat. Still, a consensus emerged that credit data should not be used for marketing.
But that was then. We’re in a different time, one with far more advanced capabilities.
Some of the more obstinate critics have called for criminal prosecution and for breakup of the credit bureaus. I don’t expect any of that to happen.
But I do fear other data breaches — for example, there are reports today that Deloitte has been hit by cyberattack — and the spilling over of this scandal to affect the data compilation giants, email marketers and anyone who has data on consumers. When the GDPR takes affect next year, firms that suffer breaches can expect savage fines if they happen to be holding data on European citizens.
Equifax had not responded to a request for comment at deadline.
In the meantime, don’t click on any emails pretending to protect your credit score.