Equifax’s data breach, which may have impacted 143 million U.S. consumers, has resulted in digital thieves sending hundreds of thousands of phishing emails pretending to be a bank or financial institution.
According to a news report in the The Washington Post, covering research issued by cloud security company Barracuda Networks, the spoof emails are purporting to be from big banks like Bank of America, TD Bank and CIBC. The emails aren’t an indication that the big banks have been hacked, but that there has been a spike in bank-related phishing emails given consumers are on watch due to the Equifax data breach.
“Everyone seems to be on a heightened alert following the recent Equifax data breach,” the cloud company said, according to the report. “You might even be more likely to open an email from your bank these days that perhaps you would’ve ignored in previous months.”
As is the case in many phishing scams, the fake emails look real and have all the signs of being official, but often send users to a bogus web page where they unwittingly give up their personal information, including logins and passwords. Because they appear to be from banks, consumers are more likely to click on the link or trust a notification that directs them elsewhere. Real banks won’t ask a customer to download an attachment, which the hackers will, installing malicious code in the background as part of the cyberattack.
“It’s still too early to confirm a definite correlation between these secure message attacks and the Equifax breach just yet,” said Fleming Shi, senior vice president of technology at Barracuda, in the report. He noted that his firm spotted close to 300,000 fraudulent emails in the past few weeks pretending to be from Bank of America and 150,000 from a fake CIBC.
The widespread attention generated by the Equifax data breach may make consumers more vulnerable to an official-looking phishing scam because they are worried about the Equifax incident, noted the report.