New Phishing Scam Says It Will Pay for Data Breaches

February 4, 2020
shutterstock_1635149641 New Phishing Scam Says It Will Pay for Data Breaches

There is a new U.S. government consumer agency that will pay for data breaches? If that is what you have been told, it is not true. It would be like the fox guarding the henhouse, but actually paying that fox money to eat your chickens instead. A new phishing scam that masquerades as a U.S. government consumer agency is supposedly paying data breach victims for the loss of their personally identifiable information. Instead, once consumers enter their name, birthdate, credit card number and Social Security number, you can probably guess what happens next.

Yes, even more identity theft.

According to security company Kaspersky whose researchers discovered the scam, a website claiming to be the U.S. Trading Commission maintains a victims’ fund to help consumers who have been impacted by data breaches. Unfortunately, there is no such thing as the U.S. Trading Commission, even though their website looks surprisingly similar to that of the Federal Trade Commission.

There are a number of red flags about the site that by now should be obvious to a lot of users. First, similar to the legitimate sites that let you check to see if your information has been compromised, this one offers you the chance to compare your information after you hand over some details. The boxes where you enter the information are not all spelled correctly. Also, Kaspersky’s researchers typed in a jumbled array of letters instead of the information, then received an “official” response from a member of Congress whose image and signature had been stolen for this fake.

In order to file a claim on the bogus information that the website shows you so they can pay for data breaches, you must enter your SSN and payment card. Those should always be major red flags to anyone who uses the internet. There is no reason to submit your SSN to anyone without verifying the company, their web security and why they need it.

The spoofing alone, using a similar-sounding name, should have given users pause. There is no government agency with that name, and a quick Google search can show you that. Never interact with a website that claims or appears to be official if you cannot identify the agency. Also, any government agency should have a .gov ending on its website and email domain names. Any website that gathers sensitive information like a payment card number or SSN should also have an HTTPS designation at the beginning of the web address.

Unfortunately, creating a fake website as part of a new phishing scam is a shockingly easy thing to do. That is why it is important that consumers know these red flags and look for them before interacting with any company or organization. Protect yourself by developing cautious good habits about where you submit your personal data.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You may also like…

Identity Theft Resource Center®’s Annual End-of-Year Data Breach Report Reveals 17 Percent Increase in Breaches over 2018

Scam Alert: FedEx Delivery Text Scam

Scam Alert: Australian Fire Fundraising Scam

Share this article:

eHost managed wordpress hosting

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:


Related Posts

Information from MGM Data Breach Ends Up on the Dark Web

Information from MGM Data Breach Ends Up on the Dark Web

Last summer, MGM Resorts disclosed an MGM data breach that affected around 10 million guests of the hotel company, including some fairly high-profile clients. The data, which included names, addresses, phone numbers and email addresses appears to have not included...

LimeLeads Overexposure Leads to Malicious Cybercrime

LimeLeads Overexposure Leads to Malicious Cybercrime

In what has become a frequent event, another company has fallen victim to exposing their sensitive company information to the entire internet, all because they failed to password-protect their web-based storage system. LimeLeads, a San Francisco-based company that...

Front Rush Data Breach Exposes Student-Athletes’ Data

Front Rush Data Breach Exposes Student-Athletes’ Data

The 2020 year has kicked off with a number of high-profile data breaches that have affected a wide variety of industries. The recently announced Front Rush data breach affecting student-athletes is just another in a long line of attacks that have targeted businesses...

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.