After Equifax Breach, Wealthy Consumers Present Alluring Targets For Hackers - Here’s how to protect yourself from email and medical fraud schemes.
Of the 143 million U.S. consumers whose personal information was potentially exposed in the Equifax data breach, the wealthy could face their own particular set of vulnerabilities.
Would-be criminals could use customers’ stolen names, Social Security numbers, birth dates and addresses—information exposed in the Equifax breach—to target those who may have bigger bank accounts, larger lines of credit and more assets, experts say.
A relatively easy way crooks could target the wealthy is by sorting the Equifax information by ZIP Codes that are associated with wealthy areas such as Beverly Hills, Calif., or Greenwich, Conn., some cybersecurity experts say.
“Hackers get the most bang for their buck by focusing on wealthy,” says Roderick Jones, chief executive of Rubica Inc., a cybersecurity firm that works with wealthy individuals.
Here are weaknesses wealthy Americans should watch out for:
Fraudsters may use the compromised Equifax data to not only open high-limit credit cards or take out loans in victims’ names, Mr. Jones says, but also to hack into their email accounts to gather information so they can commit other crimes.
Using the details gathered from the breach, experts say hackers are likely to launch “phishing” attempts on their targets. With knowledge of a loan at a certain bank, for example, a hacker could craft an email about that loan that sounds believable and encourages the victim to either click a link that may infect their computer or sends them to a malicious website that gathers even more data that could be exploited.
Another example: After infiltrating a victim’s email and learning his or her writing style, a hacker could email that person’s financial adviser and request a wire transfer, experts say. If the adviser doesn’t have the proper security procedures in place and doesn’t at least verify a wire-transfer request with a verbal confirmation from the client, that money could end up in a fraudster’s account.
How to respond: Use different, complex passwords for each of your accounts, security experts say. Don’t use your Social Security number as any part of an online password or username. While such tips aren’t new, experts say they bear repeating because the security gaps they address are among the most frequently exploited.
Also, take caution with emails that appear to be from a legitimate financial institutions. When in doubt, call that provider directly or log on to their website from a secure connection to check your accounts, security experts say.
Equifax victims may be at particular risk for medical fraud, too, says Michael Kaiser, executive director at the National Cyber Security Alliance. That’s because they often have strong medical insurance and prescription-drug coverage.
A crook could use the information stolen in the breach to impersonate a victim and seek treatment from various doctors or specialists, potentially running up high medical bills.
Meanwhile, the opioid epidemic raises the stakes for prescription-drug fraud.
Crooks could sell the information to individuals addicted to prescription drugs, including opioids, says Eva Velasquez, president of the Identity Theft Resource Center, a nonprofit group that helps victims of identity theft.
That person would then use the stolen information to buy prescription drugs under the victim’s name using their health insurance. The victim will often get the bill for any unpaid expenses and crook’s use of the drug will be recorded into the victim’s health records, she says.
Ms. Velasquez says that once an individual provides proof of identity theft, he or she generally is no longer held responsible for debts incurred by a fraudster. In the interim, however, a victim may be held responsible and this can have an impact on credit scores.
And in cases where insurance was used fraudulently, plan caps and thresholds can be met or exceeded, making it difficult for victims to obtain necessary medical services, she says.
How to respond: If you get bills or explanation-of-benefits forms that you don’t recognize, call the billing office of the medical provider and your insurance company to challenge the charges, Mr. Kaiser says. Keep copies of any documents you receive and keep notes on your conversations.
And ask your providers about any extra layers of security they have, including two-factor authentication, personal identification numbers and biometrics such fingerprint readers, and take advantage of those features, Ms. Velasquez says.
“Yes, more security adds a layer of inconvenience, but that’s OK if it protects you in the long run,” she says.