The phone call appears to be from Equifax, but you might not think that’s unusual since you recently signed up for free credit monitoring after you learned your credit file may have been compromised.
But hold on, is Equifax really going to personally call all 143 million consumers potentially exposed in this massive data breach? No they are not. The person on the other end of the line is a scammer.
Lisa Weintraub Schifferle, an attorney with the Federal Trade Commission (FTC) says she has little doubt scammers will take advantage of publicity surrounding the data breach to try to trick consumers into revealing their personal information all over again, or launch any number of other schemes built around Equifax.
If you have enrolled online in Equifax’s free credit monitoring service, the final step will be an email from the company, not a phone call. If someone calls you asking for personal information, hang up.
Don’t trust caller ID
While montioring calls with Caller ID is usually helpful, consumers should remember not to rely on this information when it comes to spotting scammers.
Spoofing telephone numbers to show up on Caller ID is old hat for scam artists these days, so it’s helpful to remember this advice even when you’re not at risk for a potential scam.
If you’ve received a call from someone claiming to be from Equifax, the FTC would like to know about it. You can report it here.
The Equifax data breach is coming under scrutiny by lawmakers, federal agencies, and at least six state attorneys general.
Sen. Elizabeth Warren (D-Mass.) is asking the Government Accountability Office (GAO) to investigate how consumer files are handled at all three credit bureaus. In a letter to Equifax, Warren says the company has “failed to provide the necessary information describing exactly how this happened, and exactly how [the agency’s] security systems failed.”
Warren is also co-sponsoring a bill in the Senate that would give consumers more control over their credit information by eliminating the fees they are currently charged when they freeze and unfreeze their credit files. Security experts say freezing access to credit reports is the only real defense consumers now have if they are included in the data breach.
Policymakers are also likely to take a hard look at security measures the credit bureaus use to handle consumers’ most sensitive information.
Hold Security, a firm providing cyber security services, announced its technicians were able to easily break into an Equifax Argentina website because the user name and password were the same – “admin.” According to the company, that discovery “paints a grim picture of the state of security within Equifax.”