FTC Investigating Equifax Breach, Scams As Agency Warns Consumers

The United States Federal Trade Commission announced Thursday it opened an investigation into the data breach suffered by credit reporting company Equifax that resulted in the personal information of as many as 143 million consumers being exposed.

In addition to launching a probe into the situation, the FTC also issued a public warning to consumers about scammers attempting to capitalize on the massive incident by posing as Equifax and asking potential victims to surrender personal information.

In particular, the FTC raised red flags about scam calls that have started hitting consumers. While unsolicited calls have been an ongoing problem for Americans in recent years, these ones are particularly malicious given their intention to steal information and come at a time when millions are feeling vulnerable in the wake of the Equifax hack.

The FTC provided consumers with three tips for identifying and avoiding the scams.

First and foremost, the FTC said consumers should never give out personal or financial information on an unsolicited call. If the consumer initiated the call and can verify the person on the other end of the call truly works for who they claim, then it is likely safe. But most companies will not cold call a person and request their information.

Secondly, consumers should not trust their caller ID to protect them. While a number may appear legitimate, it’s possible for scammers to spoof phone numbers so it looks like they are calling from a particular company. This is a prevalent tactic that scammers have adopted in recent years and will likely be put to use in order to make calls appear as though they are from Equifax or other financial resources.

Finally, consumers are advised by the FTC to immediately hang up on any robocall they may receive. Don’t press “1” when prompted, don’t wait to speak to a live operator, don’t even bother following steps to supposedly remove a phone number from the call list. The FTC warns any interaction is only likely to lead to more robocalls.

Lisa Weintraub Schifferle, an attorney at the FTC’s Division of Consumer and Business Education, didn’t mince words when it comes to the phony calls. “Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.”

The FTC also suggested victims of these calls who were perhaps too trusting or too nervous about the effects of the Equifax breach to think twice about questioning the source of call should change passwords, account numbers and security questions to any account that may be compromised.

Such actions don’t ensure protection by any means—attackers can do a considerable amount of damage, from hijacking peripheral accounts with similar passwords to posing as a person by using their stolen information—but it is a good first step in response to being scammed.

The FTC’s warning of scams is not the first. There have been phishing attempts and credential harvesting websites designed to prey upon people who are worried about personal information being compromised in the Equifax hack.

The investigation into hackers breaching Equifax’s servers and stealing information of millions of consumers comes just after the credit reporting firm announced the hack was the result of a known web application vulnerability that had a patch available for at least two months prior to the breach.