There is a new U.S. government consumer agency that will pay for data breaches? If that is what you have been told, it is not true. It would be like the fox guarding the henhouse, but actually paying that fox money to eat your chickens instead. A new phishing scam that masquerades as a U.S. government consumer agency is supposedly paying data breach victims for the loss of their personally identifiable information. Instead, once consumers enter their name, birthdate, credit card number and Social Security number, you can probably guess what happens next.
Yes, even more identity theft.
According to security company Kaspersky whose researchers discovered the scam, a website claiming to be the U.S. Trading Commission maintains a victims’ fund to help consumers who have been impacted by data breaches. Unfortunately, there is no such thing as the U.S. Trading Commission, even though their website looks surprisingly similar to that of the Federal Trade Commission.
There are a number of red flags about the site that by now should be obvious to a lot of users. First, similar to the legitimate sites that let you check to see if your information has been compromised, this one offers you the chance to compare your information after you hand over some details. The boxes where you enter the information are not all spelled correctly. Also, Kaspersky’s researchers typed in a jumbled array of letters instead of the information, then received an “official” response from a member of Congress whose image and signature had been stolen for this fake.
In order to file a claim on the bogus information that the website shows you so they can pay for data breaches, you must enter your SSN and payment card. Those should always be major red flags to anyone who uses the internet. There is no reason to submit your SSN to anyone without verifying the company, their web security and why they need it.
The spoofing alone, using a similar-sounding name, should have given users pause. There is no government agency with that name, and a quick Google search can show you that. Never interact with a website that claims or appears to be official if you cannot identify the agency. Also, any government agency should have a .gov ending on its website and email domain names. Any website that gathers sensitive information like a payment card number or SSN should also have an HTTPS designation at the beginning of the web address.
Unfortunately, creating a fake website as part of a new phishing scam is a shockingly easy thing to do. That is why it is important that consumers know these red flags and look for them before interacting with any company or organization. Protect yourself by developing cautious good habits about where you submit your personal data.
Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.
You may also like…