Expert: Fraudsters may already be trying to use breached Equifax data

Equifax Makes Hack Fallout Worse With Bad Credit Freeze PINs
Equifax Makes Hack Fallout Worse With Bad Credit Freeze PINs

Forter, an e-commerce fraud prevention company, said they saw a “significant” spike in what appears to be fraudulent account takeovers this summer, something they believe could be a result of the recently-disclosed Equifax (EFX) data breach.

“In the last two months we saw about a 15% increase year-over-year in account takeover attempts,” according to Forter CEO and co-founder Michael Reitblat. “While we can’t confirm that this is related to the Equifax breach, the timing suggests that it could.”

Equifax, one of the three major credit reporting companies, said on Thursday that “criminals” had stolen data that could impact 143 million US consumers. The company’s investigation revealed the unauthorized access occurred from mid-May through July. The information includes names, Social Security numbers, birth dates, addresses and also credit card numbers for approximately 209,000 consumers.

Reitblat explained the summer spike in fraud accounts could be the result of the original Equifax hackers selling initial small amounts of data to fraudsters.

“The fraudsters are paying the hackers bitcoin to see the data and confirm it’s legitimate. Once this stage is over, the hackers will then sell large bulks of data to the fraudsters,” Reitblat explained. “The moment this data starts to be sold in masses and in the open (if the FBI doesn’t catch them first), you will see an absolutely huge significant spike in account takeover attempts.”

In other words, the spike we are seeing now could be just a reflection of a testing phase that will get much larger.

“Remember, criminals usually don’t trust each other,” he said. “Bitcoin did wonders for cyber criminals. Now with bitcoin criminals can specialize into hackers and fraudsters and communicate via bitcoin in stages.”

Equifax did not respond to request for comment from Yahoo Finance.

Fraudsters may already be using information from the Equifax data breach. (AP Photo/Damian Dovarganes, File)
Fraudsters may already be using information from the Equifax data breach. (AP Photo/Damian Dovarganes, File)

Account takeover attempts

Reitblat said that hackers going after personal information, instead of purely credit card numbers, is a growing trend.

“Through all the Equifax databases, the hackers have everything about you. And through not very sophisticated social engineering, they can get passwords and security information from other sites,” he said.

He explained that some fraudsters will put small purchases (like $30) on regular high-use credit cards, as these will largely go unnoticed by consumers. Meanwhile, larger purchases may go on more dormant cards, including some store cards that haven’t been in use. In that case, consumers won’t find out until they get notification for amount owed.

Monitor your credit cards

Forter, which handles about $20 billion in online transactions including those for several major Fortune 500 companies, said this could be the most extreme breach they’ve ever seen.