The Equifax breach may have you watching your financial records closely for evidence of fraudulent new accounts or suspicious transactions. But you may also want to keep a close eye on your incoming email, researchers say — and here’s why.
Since August, digital thieves have sent hundreds of thousands of phishing emails impersonating an alarming number of banking institutions, according to a report Thursday by the cloud security company Barracuda Networks. The fake emails pretend to be coming from major firms such as Bank of America, TD Bank and the Canadian bank CIBC. While the fake emails do not mean the banks themselves have been compromised, said Barracuda, the recent spike in bank-impersonation phishing attacks means consumers should be as vigilant as ever about email threats to their privacy and security in the wake of the Equifax breach.
“Everyone seems to be on a heightened alert following the recent Equifax data breach,” the report said. “You might even be more likely to open an email from your bank these days that perhaps you would’ve ignored in previous months.” Under the wrong circumstances, that could be dangerous, Barracuda suggests.
The emails may look legitimate, bearing all the trappings of an official email such as the bank’s logo and in some cases even a confidentiality statement at the bottom. But the message itself is misleading, notifying consumers of a “secure message” that can only be viewed by downloading an attachment. Doing so gives attackers the ability to take over your device and run other malicious code, perhaps even without your knowledge, according to the report.
Consumers tend to trust these types of notifications implicitly because they are commonly used by real banks to provide customers with important information, said Barracuda. But legitimate financial institutions typically don’t ask users to download attachments. Instead, they more often ask users to log into their Web portal to view their secure messages.
“It’s still too early to confirm a definite correlation between these secure message attacks and the Equifax breach just yet,” said Fleming Shi, senior vice president of technology at Barracuda. Still, he said, the company tracked roughly 300,000 fraudulent emails in recent weeks impersonating Bank of America, and 150,000 pretending to be CIBC. The report is a reminder that the Equifax breach could facilitate many kinds of identity theft — not just the type that may occur as a result of thieves acquiring Equifax’s actual data.
As heads keep rolling at Equifax, we’re beginning to get a better picture of where the country currently stands in the aftermath of the breach, which affected as many as 143 million people.
Almost 85 percent of Americans have heard of the incident, according to a survey released Wednesday by the student debt website LendEDU. And just 18 percent said that Equifax should be allowed to continue being a credit reporting agency. The same study analyzed all of the formal complaints filed against the country’s big-three credit agencies at the Consumer Financial Protection Bureau, and found that Equifax is on track to receive 32 percent more CFPB complaints this year compared to last year.
Congress’s first hearing dealing with the Equifax breach is expected next week. Meanwhile, investigations by the CFPB and the Federal Trade Commission are ongoing.