Scammers using fake websites to prey on Equifax breach victims - WMC Action News 5 - Memphis, Tennessee

Scammers using fake websites to prey on Equifax breach victims

(Source: User:Colin via Wikimedia Commons) (Source: User:Colin via Wikimedia Commons)

Equifax confirmed reports that it had a separate cybersecurity incident in March, months before the massive data breach that exposed personal information of millions of Americans.

Reports suggest the first attack may have been carried out by the same group of hackers, but Equifax said it did not involve the same intruders.

Now, many are running into scammers using website links closely resembling the one used to check the breach. This is the real website; only use it to check if you were part of the breach.

State officials are warning others, hoping to stop further damage to personal information.

Right after the website was registered to check on the breach, scammers created hundreds of websites with links that look very similar to the real one, sometimes only off by one number.

Tennessee Attorney General Herbert Slattery said he's concerned more than 3 million Tennessee residents may have had personal information stolen in the breach. He's urging the credit reporting firm to extend its free credit freezes past the current deadline of November 21.

The correct link to the website is Do not click on any other websites.

You can read his statement below:

Attorney General Herbert H. Slatery III today expressed in a letter to credit reporting firm Equifax his deep concern that the personal information of over 3 million Tennessee residents has been stolen by unauthorized individuals, leaving consumers vulnerable to identity theft and financial loss. In doing so, he added his voice to those of several other attorneys general who recently wrote to Equifax with similar concerns.

General Slatery encouraged Equifax to “take all possible steps to help consumers access any rehabilitative services easily and efficiently” and advised Equifax of the frustration that many consumers are experiencing when they contact Equifax or visit its website. General Slatery also strongly encouraged Equifax to focus on free credit monitoring as opposed to any fee based credit monitoring so consumers are not confused into thinking they must pay for a service that is being offered for free.  

Additionally, while appreciative that Equifax will be reimbursing consumers who paid a fee to freeze their Equifax credit reports as of September 7, 2017, the date the breach was announced, General Slatery urged Equifax to extend the free credit freezes past the current deadline of November 21, 2017 and to reimburse fees paid by consumers for security freezes by other credit reporting agencies. 

“It is distressing that this massive breach leaves consumers exposed to financial and other harm. Consumers need to be vigilant about regularly monitoring their financial accounts and credit reports, and Equifax must actively assist consumers in those efforts,” General Slatery said.

Tennessee Department of Commerce & Insurance Commissioner Julie Mix McPeak said, “The Tennessee Division of Consumer Affairs supports this effort by General Slatery and other attorneys general on behalf of consumers across the country.”

Consumers can access helpful tips at the FTC website, located at

Mississippi AG Jim Hood warned residents in his state to use extra caution as well. His statement is below:

Attorney General Jim Hood is warning consumers to use extra caution when accessing information telling them if they have been impacted by the recent Equifax data breach.

“Consumers should make sure that they are accessing the correct website through the correct Equifax link,” said General Hood. “We have seen links that are extremely similar to the legitimate Equifax link—some that are off by just one number—so we want to prevent consumers from having more damage done to their personal information.”

The correct link to use to check on potential impact through this breach is It is a properly registered site; however, scammers are producing hundreds of websites very similar to this link that are not legitimate, with new ones continually popping up. Shortly after Equifax established its legitimate website, other domains were registered, tricking consumers into using fraudulent websites and putting their personal information at additional risk. In this instance, websites can be verified by accessing it directly from the Equifax site and by not clicking embedded links in emails or other websites.

“People need to go online and check if they’ve been affected,” said General Hood. “When you click on the link, it asks you to enter the last six numbers of your Social Security Number, then it tells you whether you were potentially impacted. In our office, we found that two out of three people were possibly impacted by this breach.”

Equifax has reported the incident potentially impacted the personal information of 143 million U.S. consumers, including 1,299,254 Mississippians. The information that was stolen primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. Equifax also identified unauthorized access to limited personal information for certain U.K. and Canadian residents and is working with regulators in those countries.

Equifax is offering a free service to consumers called TrustedID Premier through the website previously listed, which will provide complimentary services such as credit file monitoring and identity theft protection. Consumers should also take steps to place security freezes on their accounts.

To place a security freeze, contact each of the nationwide credit reporting companies and supply your name, address, date of birth, Social Security number, and other personal information. There may be a fee with companies other than Equifax; however, General Hood has asked that Equifax reimburse consumers for these fees, which range from $5 to $10. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

The following information is from Equifax for those who enact a security freeze:

If consumers request a security freeze online: Consumers may place, temporarily lift, or remove a security freeze to an Equifax Credit File by going to
Equifax does not currently email or mail the individual 10-digit PIN to consumers. It is available on the screen, and the consumer is asked to print the PIN from the screen. The Equifax technology team is aware of some limited situations in which consumers are unable to view their PINs. It has been determined that this is caused by users’ browser settings. Equifax is working on a fix for this issue. In the meantime, Equifax is displaying a phone number that consumers may call to receive a PIN.

If consumers request a security freeze over the phone or via U.S. Mail: Equifax will mail consumers their individual, 10-digit PIN at the address on file.

Refunds for recently placed credit freezes: Equifax intends to automatically refund consumers who used credit cards to place a security freeze on their Equifax credit file starting at 5:00 PM EST on Thursday, Sept. 7, 2017. Equifax is also planning to refund consumers who paid by check or money order, but the company is still finalizing the details of executing those refunds.

Requesting a new PIN: Consumers who have older PINs and wish to receive a new one can call (866) 349-5191 to speak to a live agent; provide identity verification information; and receive a replacement PIN.

To place a security freeze with each of the other nationwide credit reporting companies, consumers should contact:

Experian — 1-888-397-3742

TransUnion — 1-888-909-8872

Copyright 2017 WMC Action News 5. All rights reserved.

Powered by Frankly