Last February I told you about personal information of 10,683,188 people gathered in a data breach of MGM Resorts hotels turning up on Dark Web websites where criminals buy and sell stolen data. The data included full names, home addresses, phone numbers, email addresses and dates of birth of MGM Resorts customers. It did not include credit card information. MGM has resorts in the United States in Las Vegas, Atlantic City and Detroit as well as resorts outside of the United States in China and Japan. Las Vegas MGM resorts include the Bellagio, Mandalay Bay, Mirage and Luxor hotels The data breach was discovered in the summer of 2019 by MGM, but relates to travelers who stayed at MGM hotels prior to 2018. Cybercriminals use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails which are emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware. Everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.
Now, personal information that appears to be related to the MGM data breach is being again offered on the Dark Web, but this time the details are of more than 142 million people. The information is being offered on the Dark Web for only $2,900 for the entire list of personal information.
If you stayed at an MGM hotel prior to 2018 you should be particularly skeptical of any email that may ask you for personal information or to click on a link. Indeed, everyone should refrain from ever providing personal information in response to an email unless you have absolutely confirmed that the email is legitimate. The same rule applies to clicking on links.
In addition, if you have stayed at an MGM hotel prior to 2018 and you have not frozen your credit reports, this would be a good time to do so.
To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:
Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”