Advertising Click Message Scam
Equifax Corporate Security has received notice that consumers have received emails claiming to be from Equifax Credit Monitoring. The emails claim to be for an "Identity Theft Alert" and state that the consumer's credit score has decreased/increased by a significant amount.
It has been determined that these emails are part of an on-going advertising click scam. These emails are not from Equifax. The links in the emails do not appear to be malicious in nature.
From: Equifax Credit Monitoring <firstname.lastname@example.org>
Subject: Re: [victim email address] Identify Theft Alert
Date: 22 January, 2013 12:26:13 PM MST
To: [Victim email address]
Identify Theft Alert!
Membership Id: [bogus ID #]
Registered Email: [Victim Email address]
Hello [victim email address],
Your credit score has decreased by over 70 points in past 15 days alone. We belie that is very unusual decline.
You might be having Identify Theft Issue.
We recommend you to check your credit Report immediately by visiting HERE.
It's absolutely FREE of cost.
Equifax Credit Monitoring
Authorization to Release Financial Information
Equifax Corporate Security has received notice that businesses are receiving fraudulent letters appearing to be from Equifax. These letters request that current or potential contractors register by submitting their company's financial information on a release form entitled, "Authorization to release financial information". Sample from this letter:
"Our records show that you are currently registered as a prospective contractor for procurements listed by the U.S. Federal Government.However after reviewing your records we have noticed that you have not submitted your financial release form. Your financial institution's privacypolicy may not allow it to release your financial information even to government institutions without your consent, therefore we must have suchform on file before we can move on with any procurement decisions."
The Authorization to release financial information requests that you provide the name of your financial institution and the account number and fax to (202) 652-4312.
This letter is a scam and not from Equifax. Other versions of this letter have been sent out to businesses purporting to be from the Department of Transportation as well as from other companies. These letters are a fraudulent means to obtain financial information. Please discard these letters.
If you have responded to this fraudulent letter, contact your financial institution immediately.
Rental Property Scam on Craigslist
We have been made aware that some consumers responding to advertisements for rental property listed in Craigslist are receiving an email with instructions to obtain their credit report via a link listed in the email. Please be aware that this link is fraudulent and does not belong to Equifax or the other credit reporting agencies. Furthermore, the link asks the consumer for personal information which could be used to perpetrate fraud against the consumer.
Some of the known names sending this type of email to the consumer are: Cindy Miller, Sharon Jennings, Jennifer Reed, and Stacy Nash. Be aware the names may continue to change.
This is an example of the type of email being sent:
From: Stacey Nash <email@example.com>
Date: Fri, Oct 19, 2012 at 12:23 PM
Subject: Re: $995 / 1br - BIG DOGS OK HERE W/ AMAZING DOG PARK! HIDDEN GEM! (Gravesend)
My apologies for the delay! I was very busy last few days. The great news is that the rental is still available. There was a potential leaser who had serious interest in the property, but he lost his job, so we need to start showing it again, as we want to get it rented ASAP. Considering you had contacted us first, regarding the rental, we are giving you first right of refusal.
The unit is in great condition. We know a lot of prospective renters want to take a quick look at the property, regardless, our policy is not to divulge the address, as there are some lunatics in the world with bad intentions…………..If you would like to set up an appointment, go to the link below and request the free copy of your rental / credit report. The scores are insignificant – we realize many folks have had foreclosures, bankruptcy, etc. For insurance purposes, we are required to have a report on file from every prospective tenant. Here is the link: : http://123link (full link has been removed)
The only pages we require are regarding your rental history. You just need to bring that to your appointment to see the property.
My availability over the next few days is going to be constrained, but I will try to be available between 10am and 8pm. After you have completed the online process, let me know that you have a hard copy and I can schedule an appointment at the rental.
See you soon!
What you should do
If you have received one of these emails or have attempted to complete the required information in the link from this type of email, you should:
Notify Craigslist of the fraudulent advertisement
Contact the three national credit reporting agencies (Equifax, Experian and Trans Union) and place a fraud alert on your credit file.
Security Terms Definitions
What is a phishing attack?
"Phishing" or "spoofing" is the illegal practice of sending fraudulent e-mails that appear to be legitimate and from a well-known company asking you to provide, update or confirm certain confidential information.
If you receive e-mails that appear to be from Equifax and which request you to provide confidential information such as User ID, Password, Personal Information, etc. - - Please do not respond! Equifax does not and will not send emails requesting personal information.
Simply clicking the link in a spoofed e-mail can be dangerous, even if you do not provide the information requested. When in doubt if a message is authentic or not, always contact Equifax to confirm and again, DO NOT RESPOND TO THEM!
If you believe you have responded to a phishing attempt concerning your Equifax account, please call Equifax at 866-493-5983, or email us at Security.DataAdministration@equifax.com.
What does a Fraudulent Email look like?
An email that contains a phishing attack may look legitimate but there are common elements that you should be aware of and recognize. Here is an example of a fraudulant email and below are some clues to look for when evalutating the legitimacy of the email.
The email will not address you by name
Misspellings and typos
A sense of urgency
Links that point to a different site. The link looks official, but if you click on the link it may take you to a site that can cause harm to your machine, etc.