If a massive data breach has been in the news recently – such as the 2017 Equifax data breach that impacted more than 143 million Americans – there’s a good chance that another set of hackers is already trying to capitalize on that public breach to get victims to download malware, click on fraudulent links or respond to scam email requests. In many ways, this adds insult to injury and can expose those already victimized to even more risk.
Anatomy of a data breach scam
Here’s how the classic scam works: After a major data breach, a group of hackers typically located outside of the U.S. will start setting up malicious websites with URLs that are very similar to those of the company that has been hacked. Then, these hackers will start sending out emails, purportedly from “official” accounts of the company that has already been publicly hacked. In these emails, victims of the original hack will be told to visit another website to protect their personal information or sign up for free credit monitoring reports.
Once the victim has clicked on this fraudulent link, that’s when the real action happens – either the victim enters his or her personal information (including addresses and Social Security Numbers) in order to sign up for the credit report service, or malware is downloaded from this malicious site. Either way, the person who has just been victimized has little or no idea of what has just happened… until it’s too late.
How hackers victimized Equifax twice
The core problem, of course, is that the company that has been hacked in the first place often has little or no idea of how to respond to these data breaches. In many cases, they take steps that might seem logical at first – but that can quickly turn into a nightmare once they realize how sophisticated overseas hackers can really be.
For example, consider the data breach at Equifax. The company was already reeling after finding itself in the middle of an epic data breach that impacted at least 143 million accounts. That account information included a lot of very sensitive information – such as Social Security Numbers and financial data – that could be used in very nefarious ways by hackers. So Equifax did what it thought was best to protect its customers – it set up a completely new domain called EquifaxSecurity2017.com where customers could go to get information about the data breach and find out which steps to take next.
Well, you can imagine what hackers did next. They immediately began registering domain names that looked exactly like the Equifax website. In some cases, they took advantage of simple misspellings – such as using “ks” instead of “x” in the name. The goal of the Equifax scam was simple – to confuse people who had already been hacked to give up their personal information a second time. Equifax, in fact, found that 138 lookalike domain names had been registered, all of them from shady overseas users, most of them from China or Hong Kong.
Once these fake domain names had been set up, the Equifax scam set the trap for unwitting customers. For example, by typing in SecurityEquifax2017.com instead of EquifaxSecurity2017.com, they would wind up on a completely different site. In fact, this was exactly the mistake Equifax itself made when it sent out a tweet linking to the fake phishing site SecurityEquifax2017.com. Some of these fake domains were simply placeholder pages, filled with terms like “Credit Freeze”, “ID Theft Protection” and “Protect My Credit.” But a few of these domains were malware-laden websites where any click made by a customer could result in the customer getting hacked once again, this time by a new group of hackers.