New Russian scammers prey on US data breach victims - Cylanda - The Leader In Cybersecurity Compliance and IT Support

Hi guys, doesn’t it feel like a lot of data breaches have happened over the past year? Some of the more memorable ones include The United Nations, Microsoft, Facebook, T-Mobile, 7-Eleven, Capital One, NASA, Flipboard, FEMA, Dow Jones, Dunkin’ Donuts, Houzz and Equifax. Wow! Unfortunately, each one has had, let’s say “unique” effects on their respective industries and of course it’s been us as citizens and consumers who are the ones paying the price for these company’s negligence and poor cyber hygiene.

While you and I personally don’t have much say in how these companies handle these data exfiltration events, the Equifax settlement did seem like a step in the right direction. But the reality is that most people feel cynical about all these big companies being able to really protect our personal information.

Unfortunately, this latest scam put together by Russian scammers taps right into those fears. They assembled a fake government website that appears to be run by the “US Trading Commission” that claims will give you financial compensation for “leaking your personal data.” While this sounds legit and perhaps is something our government could do, namely give money to victims of data breaches, considering how expensive it can be to get back on track after identity theft, there is no such thing as the “US Trading Commission.”

If you get a phishing email and inadvertently get taken to one of these fake sites, you’ll be prompted to fill out a number of forms that of course, ask you for personal information such as name, social security number, bank account number, credit card numbers and so on, so that you can get paid. Suspicious yet?

The Takeaway

If you or someone you know starts entering in personal information on any website, be sure it’s not a phishing one. There are very few actual companies or agencies that request this kind of personal information and often it may be filled out in person at their local branch office. The U.S. government will never request you for personal information over the web. If you are owed money or need to provide information, they will contact you via traditional mail. No exceptions! 

Stay safe out there.