Galt's Gulch

After massive data breach, Equifax sent victims to fake phishing site for support

Posted by $ nickursis 6 years, 7 months ago to Culture
15 comments | Share | Flag

Be careful what you click on, or tweet on, or click from tweet on. These guys seem to be desperately trying to become the 2017 Keystone Cops with our data....
SOURCE URL: http://www.techrepublic.com/article/after-massive-data-breach-equifax-sent-victims-to-fake-phishing-site-for-support/?ftag=TREe01923b&bhid=89894789

Add Comment

FORMATTING HELP

All Comments Hide marked as read Mark all as read

    -
  • Posted by CircuitGuy 6 years, 7 months ago
    I read about it. I couldn't believe it. https://nyti.ms/2yetmjD

    It's only tangentially related, but one of my banks (I can't remember which) sent out a message saying in light of the breech people might consider buying a credit report monitoring service through them. It borders on a scam. It's not a scam, but it's close.

    I think the fake phising tweet was an honest Keystone Cops mistake.
    Reply | Mark as read | Best of... | Permalink  
      -
    • Posted by $ nickursis 6 years, 7 months ago
      Credit monitoring is not really useful, in that most report monthly and do not provide real time warning, even Life Lock. Costco has a service that lets you know monthly, but probably the best thing is to do the fraud alert and make everyone contact you.
      Reply | Mark as read | Parent | Best of... | Permalink  
        -
      • Posted by CircuitGuy 6 years, 7 months ago
        Not only is it not useful, I don't get the fundamental theory of it. If a crook pretends to be you, forges your signature, and tricks me into giving him, that's my problem not yours. I'd be the victim of fraud and would make a police report. If I could contact the imposter, I'd do everything legal and moral to convince him to give the money back. You wouldn't even be involved. You don't need to monitor for people being taken in by imposters. That's the problem of the person who got tricked. If my business were banking (identifying credit-worthy borrowers), I should be doubly embarrassed to have been tricked. In any case, the fraud has nothing to do with you.
        Reply | Mark as read | Parent | Best of... | Permalink  
          -
        • Posted by $ nickursis 6 years, 7 months ago
          There you go, but it becomes the innocent bystanders problem. Their ability to seperate individuals is so bad my son had a hard time renting a house by his Army base because someone in Minnesota has the same name and middle initial, and they assumed he was him. Not an accurate system at all, yet you get stuck with the bill...
          Reply | Mark as read | Parent | Best of... | Permalink  
            -
          • Posted by CircuitGuy 6 years, 7 months ago
            "yet you get stuck with the bill.."
            I hope he didn't pay the bill. This is an old problem. An impostor tricked someone into lending him money, and now the person who got tricked is tarnishing your son's good name. The impostor is a criminal, and the person tarnishing his good name is a criminal if they realize they got tricked but just hope collect from somebody by threatening to tarnish his name.
            Reply | Mark as read | Parent | Best of... | Permalink  
              -
            • Posted by $ nickursis 6 years, 7 months ago
              No, he only had to prove he wasn't a child molestor. But the people whos names get hijacked do get stuck with the bill, with the system "usually" letting them off, but a lot of times their credit record still gets the hits for the dude, and they have to work to get them taken off, it is a crappy, unresponsive system.
              Reply | Mark as read | Parent | Best of... | Permalink  
                -
              • Posted by CircuitGuy 6 years, 7 months ago
                I just disagree thst their name got hijacked. I say an imposter tricked someone into giving them money and that person tarnished your name. To win a judgment, the burden is on the person who got tricked to show that's really your signature and you actually did borrow money from them rather than an imposter. If they took you to court, they'd probably lose, but they can tarnish your name. This is an ancient problem. I say the bank that got tricked got "hijacked". They can't make you pay because an imposter tricked them. They can talk bad about you. They'd probably lose in a court of law though. I really think the "name got hijacked" view is just the tricked party's rationalization that they won't be left holding the bag for their mistake.
                Reply | Mark as read | Parent | Best of... | Permalink  
                  -
                • Posted by ewv 6 years, 7 months ago
                  It isn't just tricking a third party into giving them money. They steal personal information such as account numbers associated under the same name, not the name alone, and do enormous, long-lasting damage to the victim whose identity has been taken. When someone uses your stolen personal information to make purchases, he is by fraud forcing you to pay for them and destroying your reputation. You can legitimately refuse to pay, but are still the victim. The best solution to this is better security for your finances and personal information, and the responsibility to use it. Currently the 'data brokers' are making that impossible.

                  Companies like Life Lock are attempting to provide a service analogous to a security guard, but whose effectiveness is questionable.
                  Reply | Mark as read | Parent | Best of... | Permalink  
                    -
                  • Posted by $ nickursis 6 years, 7 months ago
                    A lot like the commercial where the security guard says "there's a robbery" and thats it. They tell you (sometimes months later) that there was a robbery. I guess putting a fraud lock on all three is the only way to force them to have to call you and ask if you really did want that Rolls....
                    Reply | Mark as read | Parent | Best of... | Permalink  
                    -
                  • Posted by CircuitGuy 6 years, 7 months ago
                    "he is by fraud forcing you to pay for them and destroying your reputation."
                    I agreed with all the text until the line above. He is not forcing anything. He defrauded someone else.

                    "The best solution to this is better security for your finances and personal information"
                    Maybe I don't understand what they're doing. I imagine (casting me in the role of the crooks) that CG goes to Chase and says my name is ewv and I want to borrow money. To show I'm good for it I give them your social security number and other facts that would be hard but not impossible to get. Chase believes the deception and gives me the money. I take the money and run. Chase goes to ewv and says, "You owe us money. Here's the signed promise to pay." ewv says, "That's not my signature. That was an impostor." Chase says, "How do we know this isn't a scam on your part to borrow the money and say it was an impostor." At that point you and Chase look whether they have enough evidence to convince a court you actually received the money. There probably isn't unless the fraudsters are really good. So an impostor defrauded Chase. Ewv was not involved in the crime.

                    Of course, if Chase has some evidence it wasn't you, like the signature being mailed from a place you've never been, they won't be eager to give it you. They want to win a judgment from someone who they can locate and can pay, i.e. ewv.
                    Reply | Mark as read | Parent | Best of... | Permalink  
                      -
                    • Posted by ewv 6 years, 7 months ago
                      Fraud is an indirect form of force. It bypasses your rational consent. The identity thief is in fact making you pay for his purchases he made with your personal information he stole as he is simultaneously defrauding the merchant he misled. He doesn't care who else pays, but the use of the account number directly leads to you being charged for it and expected to pay.

                      Fortunately credit card companies have generally been very willing to not charge, even beyond statutory limits, for fraudulent use of stolen information like a credit card account number. Sometimes they alert their customers even before the customers know their account has been misused. If you inform them in a timely manner of a bogus charge they are generally very quick to remove it. Credit card companies understand the problem very well and have been increasing their security. The same cannot be said of the 'data brokers' and internet spies who not only steal the information for their own use but leave it vulnerable to the piggy back hacker thieves.

                      "The best solution to this is better security for your finances and personal information" means your security and the security of vendors with temporary use of your information when you buy from them. The 'data brokers' spying and collecting information don't want that.
                      Reply | Mark as read | Parent | Best of... | Permalink  
                      • Posted by CircuitGuy 6 years, 7 months ago
                        Thanks for sticking with me on my nit-picking discussion.
                        "Fraud is an indirect form of force."
                        Yes, absolutely.
                        "It bypasses your rational consent."
                        Yes, absolutely.
                        "The identity thief is in fact making you pay for his purchases he made with your personal information he stole as he is simultaneously defrauding the merchant he misled. "
                        Depending on how he perpetrated it, he stole from the merchant or the bank.
                        "you being charged for it and expected to pay."
                        When we get to the passive voice is the part where I nitpickingly disagree. The impostor committed fraud, a crime, a form of force. Other people's expectations are another matter.

                        Maybe the difference is I'm imagining the criminal applying for a credit card or other form of loan and not repaying it. You're imagining her stealing the number and impersonating you when she buys something from a merchant website.

                        If we see the card number as a key, that she furtively copied while it was out of your possession, then I see how you are the victim. I struggle to see a number as a key. I see the crook as an impostor and not committing a crime against you besides impersonation. The fact that some people expect you to make good on the impostor's debts is of no matter.
                        Reply | Mark as read | Parent | Best of... | Permalink  

FORMATTING HELP

  • Comment hidden. Undo