Fraudsters Capitalizing on Equifax Breach Settlement with Deceptive Websites


Digital fraudsters are capitalizing on a settlement concerning the 2017 Equifax data breach to target users with deceptive websites.

In July 2019, the United States Federal Trade Commission (FTC) announced that it had reached a settlement with Equifax over a data breach that occurred back in 2017. This incident largely stemmed from Equifax’s failure to patch critical systems as well as a weak overarching security governance structure. Together, those flaws allowed unauthorized individuals to access 143 million Americans’ personal data including their Social Security Numbers and birthdates. The breach also exposed the information of tens of millions of UK and Canadian residents.

The settlement stipulated that the credit reporting agency would set aside $425 million to help consumers affected by the data breach. Those individuals could choose to receive one of two forms of assistance after filing a claim on EquifaxBreachSettlement.com. On the one hand, they could opt to receive up to 10 years of free access to credit monitoring services. On the other hand, they could apply for reimbursement of expenses incurred as a result of the incident.

A Tantalizing Target for Attackers

The web portal created by Equifax provides an easy means by which hundreds of millions of people can submit claims for either of these options. In so doing, however, it also gives attackers an easy way to target users and steal their personal information. Reflecting that reality, the FTC wasn’t surprised when it learned that digital attackers had already created fake websites designed to impersonate the legitimate Equifax settlement portal.

Michelle Singletary, a nationally syndicated columnist for The Washington Post, took a look at these imposter websites for herself. She noticed that both of those websites had used typosquatting to disguise themselves as the official settlement portal, with each of their URLs straying from this legitimate resource by just one letter. Singletary wrote that both websites also displayed ads through Google, while one contained misleading links:

One said “data breach.” Another said “Class Settlement Claims.” However, if you followed the links, you were taken to pages with ads for credit monitoring or debt settlement. One ad was for Freedom Debt Relief, a company that recently reached a $25 million settlement with the Consumer Financial Protection Bureau for alleged misdeeds.

The Washington Post columnist subsequently contacted Freedom. There, a company spokesperson told Singletary that they did not place an ad on the website and that they had notified their Google representative. Singletary tried to discover the owners of the website, but when that didn’t work, she brought the websites to the attention of Google. It was at that point that the tech giant’s teams took down the lookalike portals.

This isn’t the first time that a fake website has affected Equifax’s data breach response. Soon after news of the security incident first emerged in September 2017, software engineer Nick Sweeting created www [dot] securityequifax2017 [dot] com, a website whose URL looks very similar to the credit reporting agency’s breach FAQs page www.equifaxsecurity2017.com. Sweeting created this site not out of malice but in a deliberate attempt to educate people about the dangers of phishing and typosquatting. After Equifax mistakenly linked to it in some of its tweets, many web browsers began blocking and flagging the fake website. That’s when Sweeting decided to take his creation offline, reported NPR.
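Both lookalike patterns described above (a hostname one letter away from the official one, and the same words in a different order) can be checked mechanically before a link is trusted or a newly seen domain is allowed through a mail or web filter. The following Python sketch is an added example, not code from the article or from any vendor; the word list, the verdict names and the one-edit threshold are assumptions.

```python
import re

# Legitimate hostnames named in the article.
OFFICIAL = ["equifaxbreachsettlement.com", "equifaxsecurity2017.com"]
# Assumed word list for splitting a label into its component words.
WORDS = ["equifax", "breach", "settlement", "security", "2017"]

def normalize(host):
    """Lower-case, re-fang '[dot]' and drop a leading 'www.'."""
    host = re.sub(r"\s*\[dot\]\s*", ".", host.strip().lower())
    return host[4:] if host.startswith("www.") else host

def osa_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def tokens(label):
    """Split a label into known words; None if unknown text remains."""
    out = []
    while label:
        word = next((w for w in WORDS if label.startswith(w)), None)
        if word is None:
            return None
        out.append(word)
        label = label[len(word):]
    return out

def classify(host):
    """Return (verdict, official hostname it matches or imitates)."""
    host = normalize(host)
    if host in OFFICIAL:
        return ("official", host)
    for good in OFFICIAL:
        if osa_distance(host, good) == 1:
            return ("one-edit lookalike", good)
        t_host, t_good = tokens(host.split(".")[0]), tokens(good.split(".")[0])
        if t_host and t_good and sorted(t_host) == sorted(t_good):
            return ("same-words lookalike", good)
    return ("unrelated", None)

print(classify("www [dot] securityequifax2017 [dot] com"))  # hostname quoted in the article
```

The function expects a bare hostname rather than a full URL, and it flags only the two patterns the article describes; other lookalike tricks fall through as "unrelated".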

Defending Against Lingering Threats

Though the imposter settlement sites are gone, Singletary noted in her reporting that consumers are still under threat of phishing emails pretending to be the administrator of the Equifax settlement. To help protect their users against the possibility of these attacks, organizations should consider investing in a security solution that analyzes incoming emails at multiple levels in real time.

Learn how ZixProtect can help protect users against Equifax-themed email threats.