CyberScout

3 Ways You Can Fall for Scams After a Breach

Imagine you've just had your information exposed in the latest data breach. You've already received a data breach notification letter from the company where the security incident occurred, but now you're suddenly sent an email seemingly from the same firm saying you need to verify your personal or financial information. You may suspect there's something fishy about this email and you're probably right.
 

When you've become affected by a data breach or think you have, this kind of scam claiming you need to give away your sensitive information is widespread, especially after companies confirm a cyberintrusion. Be careful about these and other kinds of scams that could lead to identity theft and endanger your data security even more. 

Here are three ways scammers might try to trick you after a breach:

1. Sending Phishing Emails
As described above, cybercriminals try to extract information from you in order to gain access to your financial accounts. During the chaotic time right after a data breach, consumers have a difficult time separating fact from fiction. Cybercriminals may have obtained your information through the breach at the company itself and try to copy the same logos actual firms use to make it seem like their message is legitimate.

If you are at risk for phishing emails after an incident, make sure you only listen to official communication provided by the companies impacted. 

2. Offering Identity Theft Protection
When a breach occurs, the corporation affected tends to offer identity theft protection or credit monitoring to customers who had their information compromised. While this is helpful, criminals could also take advantage of this. After the data breach at Target, the company cautioned consumers about potential scams, warning that cybercriminals may attempt to offer this same service in exchange for your information, according to its data breach FAQ page.

"Be wary of call or email scams that may appear to offer protection but are really trying to get personal information from you," Target said.

Again, only call the number for identity theft protection listed on the real notification letter sent by companies. 

3. Downloading Malware
Even if you haven't actually been a victim of a data breach, there is another way scammers can get the information they need. Some cybercriminals will call potential "victims" and alert them to a nonexistent problem on their computer. They will ask that the callers download a program that the scammers claim will fix their problem, ABC affiliate WLS reported. However, the program might be disguised as malware to control their computer remotely, which they could use to access confidential information. 

With knowing these tricks, you can stop identity theft and fraud to move forward from a breach sooner.