Scam of the day – September 23, 2017 – Massachusetts Attorney General sues Equifax

Massachusetts Attorney General Maura Healey became the first state attorney general to sue Equifax in regard to the recent massive data breach.  Specifically, the lawsuit accuses Equifax of not properly updating its Apache Struts software with security patches for vulnerabilities that were exploited by the hackers although the patches were available months before the data breach.  The lawsuit also accuses Equifax with a failure to promptly notify victims of the data breach in a timely fashion and failing to encrypt data.

The lawsuit seeks civil penalties and other financial penalties.   I expect numerous other state attorneys general to also sue Equifax in the days ahead.

TIPS

I will keep you informed as to developments in this case as well as the multiple class actions that have been filed privately against Equifax in regard to the data breach and let you know what you may need to do to obtain compensation related to the data breach.  In the meantime, if you have not already done so you should freeze your credit at each of the three credit reporting agencies and sign up for Equifax’s free identity protection services which are being offered for one year.

Scam of the day – September 20, 2017 – Freedom from Equifax Exploitation Act introduced in the Senate

In the wake of the Equifax data breach, Senators Elizabeth Warren of Massachusetts and Brian Schatz of Hawaii have introduced legislation in the United States Senate entitled the Freedom from Equifax Exploitation Act or FREE Act.  Someone was obviously pretty adept when coming up with this acronym.

If passed, the bill would create a federal standard for credit freezes and require that they be able to be done and lifted at no cost to consumers at any time.  It also would require consumers to be refunded any charges incurred in freezing their credit reports at the other credit reporting agencies in response to the Equifax breach.  In addition it provides for consumers to receive more free copies of their credit reports.

TIPS

Here is a link to the full bill.

https://www.warren.senate.gov/files/documents/2017_09_15_Freedom_from_Equifax_Exploitation_Act_Text.pdf

If you support this bill, you should contact your Senators.    Here is a link for doing so.

https://www.senate.gov/reference/common/faq/How_to_correspond_senators.htm

Presently this bill stands little chance of passage, however if the public is heard, hopefully the laws will change to better protect our privacy and security in regard to credit reports.

Scam of the day – September 17, 2017 – Scammers attempting to exploit Equifax data breach

As I often say, things aren’t as bad as you think – they are far worse.  It is not bad enough that 143 million Americans are at heightened danger of identity theft due to the massive data breach at credit reporting agency, Equifax, but now scammers are seeing the concern of people about the data breach as an opportunity to scam them out of their money.

Scammers are contacting people by phone, email and text messages posing as Equifax claiming that they are there to help the victims of the data breach, when the truth is that the scammers merely want to lure you into providing personal information and use it to make you a victim of identity theft.   You can’t trust your Caller ID because through a technique called “spoofing” it can be manipulated to make a call from a scammer appear to be coming from Equifax.

TIPS

It is a good rule to never provide personal information of any kind to someone who calls you on the phone.  If the call appears legitimate, call the person, company or agency back at a telephone number that you know is accurate.

The same rule applies to emails and text messages you receive.  Never provide personal information until you have confirmed that the communication is legitimate.

In this case, Equifax is not contacting victims by email, phone or text messages asking for personal information or credit card information.

Scam of the day – September 15, 2017 – The importance of updating your software

I am constantly preaching about the importance of not using outdated software which is not updated with the latest security patches, such as we saw as the basis for the WannaCry ransomware attack which exploited vulnerabilities in the Windows XP operating system, which Micosoft had long ago stopped supporting with security updates.

It is important to update all of your software with security patches as soon as they become available.  Equifax has recently confirmed that the vulnerability exploited by hackers in its recent massive data breach was in the Apache Struts software used for developing apps.  The specific vulnerability was designated as CVE-2017-5768.  The problem is that this vulnerability was first exploited by hackers against Equifax in May while a security patch was made available as shown here this security update in March.  https://nvd.nist.gov/vuln/detail/CVE-2017-5638

If Equifax had been prompt in its updating of its Apache Struts software, it could have avoided this data breach.

TIPS

The lesson is clear.  Update all of your software programs as soon as security patches are available and whenever possible, make the updating of security patches automatic so you don’t even have to take any specific action yourself to make sure that you are operating the most safe and secure versions of your software.

Scam of the day – September 10, 2017 – Further important Equifax updates

It is unusual here at Scamicide to discuss the same scam for multiple consecutive days, however, the massive Equifax data breach story is continually evolving, affects you and warrants such coverage.

Under pressure from New York Attorney Eric Schneiderman and others, Equifax has removed the waiver of your rights to participate in a class action from the contract you must agree to in order to obtain free identity protection services from its TrustedID  program.  Therefore it makes sense to sign up for the program, which you can do here.

https://www.equifaxsecurity2017.com/enroll/

While Equifax also represented that you could find out from them whether or not you were specifically involved in the data breach, that representation is not accurate.  Numerous people have used fake names to test the system and in each instance were told that they probably were affected by the data breach.  This is mildly upsetting, but no more than that.  The sheer size of the data breach is so large and the potential harm so great that you should assume that you were affected.

TIPS

The advice as to what to do is still the same.  You should put a credit freeze on your credit reports at all of the three major credit reporting agencies.  Fraud alerts are worthless.  In addition, you should get copies of your credit reports from each of the three major credit reporting agencies to look and see if you have already been a victim because it is important to remember that this data breach has gone on for months.  You have the right to a free copy of your credit report from each of the three credit reporting agencies once each year.  What many of us do is stagger the request among the TransUnion, Equifax and Experian by requesting one every four months.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 9, 2017 – Important update about the Equifax data breach

The massive data breach that occurred at credit reporting agency Equifax, between last May and July is a story that is continuing to evolve. If you are one of the approximately 143 million people whose personal information was compromised, you face a serious threat of identity theft. Equifax is offering credit monitoring and other services to the victims of the data breach through its identity protection company, Trusted ID, however, if you read the fine print in the agreement you will find that in order to get the free services you must  waive your rights to be a part of any class action against Equifax and must resort to binding arbitration for any claims against Equifax.  New York Attorney General Eric Schneiderman has already indicated that he believes that requiring such a waiver in this instance is illegal and he has demanded Equifax to remove the language from the agreement.  The agreement does also provide that if you notify Equifax within 30 days of accepting the terms that you wish to opt out of arbitration you can do so, but at the moment, your rights against Equifax are far from clear.

TIPS

So what should you be doing?  It will certainly take some intense investigation, but there may well be cause for a class action against Equifax.  However, in the meantime your primary concern should be protecting yourself from identity theft and the first thing you should do is get copies of your credit report from each of the credit reporting agencies and review them to see if there is any evidence of identity theft. Regardless of whether you find any such indications, the next thing you should do is put a credit freeze on your credit reports at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 8, 2017 – Massive data breach at Equifax

Yesterday Equifax, one of three major credit reporting agencies announced that it had been victimized by a data breach between mid May and July that resulted in personal information of approximately 143 million Americans being stolen.  To put this number into perspective it accounts for nearly 44% of the entire population of the United States.  The compromised information included names, Social Security numbers, birth dates and more.  This information puts the victims of the data breach in serious danger of identity theft.  In the past when major data breaches such as this have occurred, the cybercriminals sell the information to other cybercriminals on the Dark Web.  To date, we have not yet seen this information being sold, but it will be.

Equifax is offering to affected customers a free year of credit monitoring and the ability to freeze your Equifax credit report.  To find out if your records were affected by the breach, click on this link provided by Equifax

Potential Impact

TIPS

If you have been affected by the data breach, you should sign up for the free services offered by Equifax and definitely should freeze your credit report at all of the credit reporting agencies because the information stolen puts you in jeopardy of identity theft at all of the credit reporting agencies.

Even if you have not been a victim of the data breach, you should consider taking this as the opportunity to put a credit freeze on your credit reports. Credit freezes are the best thing you can do to protect yourself from becoming a victim of identity theft.

To get started, it’s best to first understand the laws and fees governing credit freezes in your state. The National Conference of State Legislatures describes the credit freeze laws for each state. 

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them for information about how to get a credit freeze: 

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.