Phishing Implications of the Equifax Data Breach

The data compromised in the Equifax breach is a social engineering goldmine. Social Security numbers, driver's license numbers, names, birth dates, addresses, credit card numbers, and other potentially sensitive information all associated to specific individuals. It could easily be used to launch highly-successful phishing campaigns that would fool even the most savvy targets.

If the data were to be dumped or sold, any cybercriminal could use it to launch massive phishing campaigns that contain personalized info for each recipient. The impact would be severe.

So far, there have been no reports of widespread phishing attacks using the compromised data. There have also been no reports of the Equifax data being dumped or up for sale. As of right now, only the threat actor(s) that carried out the Equifax breach have it. The situation could become much worse should the data be dumped online or sold.

But even without the stolen data, other threat actors can easily take advantage of the Equifax breach just because it is a huge news story. There is a huge chorus of voices from government authorities and media saying individuals need to take urgent action. Conditions are ripe to blend into all of this attention with urgent, authoritative phishing attacks that mention the breach and provide instructions.

Some examples of likely phishing campaigns:

• Offers of "free" credit monitoring in the wake of the breach, which send victims to sites that harvest PII.
• Fake Equifax breach notifications posing as financial institutions or credit bureaus asking account holders to log-in and verify their information.
• Fake class-action lawsuit notices to get victims to open a malicious attachment or URL, infecting their system with ransomware or another type of malware.

It is critical that individuals be on high alert for Equifax phishing attacks. They will come. When they do, we all need to be prepared to see them for what they are and not fall victim.

Here are some steps organizations can take to reduce the risk presented by Equifax phishing attacks:

• Simulate at least one Equifax phishing campaign scenario with employees to raise their level of vigilance specific to the this phishing threat;
• Train users to report suspicious emails to the security team as quickly as possible;
• Ensure that reported phishing emails are reviewed immediately to identify threats;
• Analyze phishing threats and extract Indicators of Compromise (IOCs) from email lures and payloads;
• Once identified, quickly find and remove phishing emails from user inboxes and mail servers;
• Integrate phishing threat IOCs into email filters and edge protection systems to block subsequent phishing lures.

We will continue to monitor the phishing landscape for attacks leveraging the Equifax breach and provide updates as necessary. Our collection network identifies phishing attacks in-the-wild that target our clients' account holders, including those that may reference the Equifax breach as part of the email lure and phishing site . These attacks are shut down quickly by our 24/7 Security Operations Center (SOC).  

Additionally, our security awareness training experts have phishing simulation campaigns ready to condition employees to recognize and report phishing attacks exploiting the Equifax breach. Suspicious emails reported by employees can be analyzed by our SOC to identify real threats and deliver IOCs to block attacks in near real-time.

PhishLabs clients that wish to learn more or request a training campaign are encouraged to speak with their PhishLabs Client Success Manager. 

If you are not a PhishLabs client and you want to learn more, please contact us.