In the aftermath of the Equifax breach, everyone should be on high alert for subsequent social engineering attacks. I would expect LOTS of phishing messages to hit Inboxes over the next few weeks, claiming to be legit and asking recipients to register for credit monitoring service. We have already noticed several squatting domains being registered, which will most likely be used in victimizing more people. Most are not even yet setup, but domains are live.
Here are a few as examples:
equifaxhackedme.co;
equifaxbreach.info;
equifaxhackedme.info;
equifaxhack.info;
equifaxhackedme.mobi;
equifaxhack.org;
equifaxhack.website;
equifaxhackedme.xyz;
equifaxbreach.co;
equifaxdatabreachclassaction.info;
equifaxdatabreachclassaction.org;
equifaxprivacybreach.org
equifaxprivacybreach.info;
equifaxbreach.mobi;
equifaxbreach.online;
Of course, DMARC would not help in these instances since spammers are not spoofing the Equifax domain, but instead creating new impersonation domains.
We are urging everyone to think before they click and keep in mind that Equifax will not be contacting the general public via email or phone in regards to this breach.
About the Author:
Jay McLaughlin, CISSP - Jay brings nearly 20 years of industry experience in the realm of information technology and cybersecurity. His dynamic, balanced, insightful presentations and writings cover topics from perimeter security and application layer security to behavioral analytics and online fraud prevention. In 2010, ComputerWorld selected and recognized Jay as a Premier100 IT Leader for his accomplishments and contributions over the course of his career. Jay is a CISSP and holds a Bachelor of Science degree in Management Information Systems from the University of Central Florida.