Equifax Data Breach
The Equifax data breach is one of the largest data breaches in history. The Federal Trade Commission issued a warning about future phishing attacks that may result from attackers having such a large bounty of personal information. Equifax phishing and spear phishing attacks could be very targeted because attackers have gained access to 143 million consumers’ personal information and credit card numbers for 209,000 people. With that information, an attacker could easily reach out to you with your specific information and deceive you.
As of yet, PhishFramework.org has not become aware of any specific phishing spotted in the wild directly relating to the Equifax data breach. However, there are more than a thousand potential phishing domains listed on Pastebin already. Attackers could send targets a phishing email claiming to alert them about their information being breached and redirect the user to a spoofed (cloned) Equifax website where user information is captured and stolen.
Phishing Framework Implications
Attackers frequently use current events–especially those involving fear–to manipulate victims. Highly publicized incidents, such as the Equifax data breach, are easily turned into pretexts for attacks because they allow attackers to create a convincing and compelling scenario. The convincing is easier to do because the incident creates a plausible reason for contacting you. The scenario is compelling because fear is involved, for example fear of identity theft.
The Equifax data breach isn’t the biggest data breach if measuring by accounts stolen. However, it will certainly remain in the public conscience for the near future, as Congress demands for investigation and accountability. One senator even said that “somebody needs to go to jail” for the breach. For years, information security professionals have warned about the impending Cyber Pearl Harbor or Cyber Enron. Time will tell if the Equifax data breach is a viable candidate for such a notorious label.