Mark Pribish

The Equifax Aftermath: Assume Your Identity Has Been Stolen

By Mark Pribish
Vice President and ID Theft Practice Leader

According to Internal Revenue Service (IRS) Commissioner John Koskinen, consumers should "assume your identity has been stolen," please see here https://nakedsecurity.sophos.com/2017/10/19/irs-chief-assume-your-identity-has-been-stolen/.

The Equifax data breach event totaled 145.5 million people, where hackers had access to names and addresses and other personally identifiable information (PII) – including Social Security numbers, driver's license numbers and dates of birth.

The estimated number of US driver's licenses stolen from Equifax is 10.9 million. Why would Equifax or the other two US credit reporting agencies (CRAs) including Experian or TransUnion have driver's license information?

The primary reason is that affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the Equifax database.

While leaked SSNs and bank details are definitely worse, driver's licenses contain some info that could make it easier to steal someone's identity, including people's height and eye color.

An ID theft criminal could use the name, address and physical characteristics in those stolen drivers licenses as a verification for someone else's identity or to carry out scams in someone else's name.

If you verified your identity using your driver's license through Equifax's website in the past and want to ensure your security, it's probably a good idea to get a new driver's license number.

Unfortunately it gets worse. Equifax, Experian and TransUnion collect and save other types of data such as job histories, salaries, home addresses, medical information, schools attended, and more.

So, are you at risk of taxpayer ID theft and refund fraud?

While the IRS has made significant progress on cracking down on tax-related ID theft and refund fraud, consumers and businesses are still being warned by the IRS to watch out for ID theft criminals who want more of your data.

The IRS believes ID theft criminals and cyber thieves aren't giving up, instead they're upping their game. So it's critical to pay attention to the latest trends.

For example, ID theft criminals and cyber thieves steal data wherever they can find it – so they're targeting tax professionals, payroll professionals, human resource personnel and others.

Sometimes, it can start with phishing email that looks like it's being sent from the tax professional to the client asking for additional information.

Other times phishing emails can appear to be from a top executive at a company who is requesting that someone at the same company forward a list of W-2 information.

Also prevalent are phishing email that look like they're being sent by a taxpayer to a tax professional.

A simple mistake – such as a quick click on a link or a rushed response – can lead to a being hacked, phished or having malware installed on your computer or device.

Another new ID theft trend is where ID Theft criminals are targeting annuity or life insurance accounts by fraudulently taking out loans or making withdrawals. Another trend is the impersonation of an IRS agent who demands money to be placed on Amazon gift cards.

The IRS said crooks are more frequently showing a sophisticated knowledge of the tax code and practices in the tax preparation industry.

Business, partnership, estate and trust filers have been increasingly targeted by national and international criminal syndicates.

Based on the above, the IRS has a link to educate taxpayers of scams across the United States (please see here https://www.irs.gov/newsroom/irs-issues-reminder-to-taxpayers-as-scams-continue-across-the-nation).

Take the IRS commissioners warning seriously, assume your identity has been stolen, and thus be more vigilant than ever.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert: Con Artists Bank On Equifax Breach

Only scammers could find a way to make such bad news worse. Last week, credit reporting agency Equifax announced that a data breach compromised the personal information of 143 million people. Now, scammers are capitalizing on it with phone phishing cons.

How the Scam Works:

You answer the phone, and it's a robo call claiming to be from Equifax. The credit reporting agency is allegedly "calling to verify your account information."

If you stay on the line to speak to a representative, the scammer will try to trick you into sharing personal information.

If you get such a call, be sure to hang up. These calls are scams. Even if your information was compromised in the breach, Equifax will not call you to confirm it. Sharing your personal information with these scammers can lead to identity theft.

How to spot this scam:

  • Just hang up: If you receive a scam robo call, don't press anything. Pressing a button or speaking with a representative may lead to more robocalls.
  • Don't trust Caller ID: Scammers spoof their numbers so they appear to be calling from a trusted company or government organization.
  • Check BBB Tips: Many phishing scams follow similar patterns. Check bbb.org/phishingscam for more advice.

For More Information:

For more information about the Equifax breach, visit Equifax's website, www.equifaxsecurity2017.com or see the Federal Trade Commission's alert. For advice about credit freezes and fraud alerts, see this BBB Tip.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scamstopper). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker). To learn more about scams, go to BBB Scam Timps (bbb.org/scamtips).

If you believe your identity has been stolen, call 866.SMART68 today.