The Equifax breach was bad enough. Read about the most common Equifax-related scams to keep from being a victimized twice.

Over 143 million US residents have a reason to worry about the fallout of this year’s Equifax hack. As we all try to sort out how this massive breach has affected us, there are new dangers on the horizon. Consumers from all over the country are reporting an increasing number of Equifax-related scams that attempt to take advantage of the hacker’s victims.

I strongly suggest that our clients take the necessary steps to minimize exposure to this breach. Whether you sign up for aggressive credit monitoring or freezing credit reports, it’s important to take action to keep a bad situation from getting worse by recognizing Equifax scams.

Common Equifax Scams to Avoid

Fake Help Scam

Don’t trust anyone who contacts you out-of-the-blue offering to protect you from the Equifax breach. Many consumers report getting phone calls from people pretending to work for Equifax. Once the scammers convince the target that they’re from Equifax, they explain Equifax is helping vulnerable individuals sign up for credit monitoring. But before the target can sign up, he needs to verify personal information.

This scam has a high potential to trick many people, specifically because Equifax publicly promised to provide free credit monitoring for all US residents. A similar scam involves conmen posing as employees of another credit monitoring service.

If you receive a call like this, hang up instantly. Equifax won’t contact customers by phone. While Equifax did promise to provide credit monitoring, you need to sign up yourself.

Don’t let a scammer trick you into giving up your sensitive information. And just because your Caller ID says the phone call is coming from Equifax or another well-known company, it doesn’t mean you can believe it. Spammers can spoof your Caller ID to confuse you. Remember, you can check for yourself on the Equifax’s website to determine if you’re at risk because of the hack. If you are, you can sign up for their free credit monitoring for a limited time.

Tax Refund Fraud

Most people don’t realize that an identity thief can file a false tax return using their stolen information. After all, the IRS is part of the government—Don’t they keep records to prevent this thing from happening? While the IRS does maintain records on US taxpayers, they don’t scrutinize every tax return before sending out a refund check.  By the time you realize someone stole your identity, the thieves are long gone. Now you’re faced with the difficult task of explaining what happened to the IRS.

With the popularity of eFiling, the IRS saw an increase in the number of identity crimes relating to tax returns.  The good news is that this number has declined during the last few years. In 2015, there were over 700,000 reported cases of people filing tax returns using stolen identities—But in 2016, the number fell to 377,000.  This was due to tougher security checks, and people working with tax preparers to minimize fraud. However, tax experts expect an increase in the number of fraudulent tax returns this year due to the enormous amount of personal information hacks stole in the Equifax breach.

One of the best ways to protect yourself from being a victim of a tax return scam is to file your taxes as soon as possible. Once the IRS receives your tax return for the year, any subsequent tax returns it receives won’t be processed.

Spear-phishing Scams

A phishing scam is an attempt by a fraudster to persuade you to reveal useful information. I am sure there isn’t a week that goes by when you haven’t opened your inbox and discovered at least one phishing scam. These types of emails are usually easy to spot and don’t cost people much more than a momentary delay while they delete them. However, there’s a deadlier version of a phishing scam circulating—It’s called spear phishing.

A spear-phishing scam is similar to a regular phishing scam, but it’s a lot more sophisticated. These scams are extremely dangerous because the scammer customizes the email for each victim. Instead of using generic information, like in a regular phishing email, a spear-phishing email includes real information, the same type hackers stole during the Equifax breach.  In this way, they convince a victim that the email is legitimate. Spear-phishing emails can include your name, the names of your friends or coworkers, your place of employment, or even your current purchases or available credit.

Since spear-phishing scams are difficult to recognize, I tell my clients to never click links from inside an email.  Always type the name of the website in a browser to verify that it’s trustworthy. And, be especially careful when dealing with emails that ask for private information. The best way to remain safe is to never send sensitive information via email. Instead, contact the sender of the email by telephone to make sure the correct person really requested the information from you.

The Equifax hack should serve as a wake-up call for many business owners.  Take a second look at the way your business handles data. Make sure your company has a properly designed data security plan, and that your staff knows how to reduce the risk of data loss by conducting frequent training throughout the year. Feel free to contact me to find out if your data is secure.