FTC Warns of Fake Equifax Settlement Sites (Aug 7, 2019)
The Federal Trade Commission (FTC) is warning people of scams targeting individuals who mean to claim benefits available under the terms reached with Equifax regarding their 2017 data breach. Equifax, a US-based credit report company,is paying for identity restoration services and up to $125 USD to as many as 147 million potential claimants. The FTC says fake settlement claim sites have begun to appear, with threat actors using claims as an opportunity to access Personally Identifiable Information (PII) and other sensitive data from their victims. The FTC is informing potential claimants that they never have to pay to file a claim to get benefits from the settlement, and to start the eligibility and claims process at the official FTC website.
Recommendation: Users should be educated on the risks of phishing, specifically, how to identify such attempts. Websites claiming to be place for victims of the Equifax data breach to claim settlements should be avoided, as they are a scam. All claims related to the Equifax data breach should be handled through the FTC, with claims filed with the official FTC website. Users should also ensure they are visiting the official FTC website, and not a phishing attempt. Individuals that wish to file a claim with the FTC, or in any situation where PII is necessary to validate identity, should always navigate directly to the correct, official webpage for that process.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.