Local | Breaking: Atlanta-based Equifax hacked! Social Security numbers of 143 million people stolen!


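Introduction

Equifax, one of the three major US credit bureaus, headquartered in Atlanta, announced on Thursday (September 7) that the personal information of as many as 143 million people may have been exposed in a hacker intrusion. The exposed information includes names, Social Security numbers, some credit card numbers, and personal documents.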


You can check at https://www.equifaxsecurity2017.com/enroll/. If you are offered one year of free TrustedID Premier (a credit monitoring service), you were most likely affected. If it tells you "Based on the information provided, we believe that your personal information was not impacted by the incident", you are fine.

However, most of the people around me were affected.


I'll share what happened to a friend of mine, and finish with ways to protect yourself as far as possible.



Victim "Brother Stone" (石头哥): more than 10 credit cards opened and US$460,000 transferred out


I'll try to keep the story simple:


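  • The email account of Brother Stone's real estate agent was hacked. The mailbox contained the credit report that was pulled when the agent helped Brother Stone buy his house. That report holds a lot of sensitive information, including his Social Security number, past addresses, which banks he has accounts with, and what debts he has. The hackers also had the correspondence between the two, which gave them Brother Stone's email address and more. Here is what this information is good for in the wrong hands: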


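  1. Breaking into online banking accounts. For many bank accounts, the information used to verify identity when recovering a password or changing the email address is all in the report. Criminals can use it to get into your online banking accounts.

  2. Changing the billing address. The bank also asks for this information when the billing address on an account is changed. Once the billing address is changed, newly issued credit cards can be mailed to a different address (usually a drop address used as a front, not the criminal's real address).

  3. Stealing the phone number in order to receive verification codes. In the US you can switch carriers without changing your phone number. With the victim's Social Security number, a criminal can go to the phone carrier and ask to have the victim's number moved to their own phone, and many banks require the phone number for large transfers (for example, Bank of America's SafePass).

  4. Some accounts also use the phone number to verify logins from a new location and to recover passwords.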



Then, before Brother Stone had noticed anything, the criminals did the following:


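  1. Applied online for more than 10 credit cards, one after another, using Brother Stone's Social Security number.

  2. Applied for 2 debit cards at the same time. We usually assume you cannot apply for a debit card online, but some banks do allow it. The criminals probably intended these debit cards for moving money from other victims, not for defrauding Brother Stone.

  3. Broke into Brother Stone's online banking accounts (checking account, personal credit card account, company credit card account), changed the billing address, and transferred out $2000 worth of his credit card reward points.

  4. By my analysis, the criminals probably also tried to move Brother Stone's phone number to their own phone, but failed, because the number had not been registered under his own Social Security number. The tragedy of a stolen phone number once happened to another friend of mine; I won't go into it here.

  5. Moved $460,000 in cash out of Brother Stone's company by wire transfer. A quick explainer: banks offer several kinds of outbound transfer. One is the wire transfer, another is the ordinary transfer. A wire transfer generally has no daily limit, but it does not arrive instantly. For safety, some banks require phone verification when a new payee is added, but Brother Stone's account evidently had no such restriction. In addition, in the 1-2 days before the incident, Brother Stone's mailbox received several thousand spam emails a day, presumably sent by the criminals to distract him so that he would not find the wire transfer notification in the pile. Fortunately, Brother Stone is a careful person: he spotted the transaction in time and called the bank to recall it.

  6. What the criminals did not use this time was the ordinary transfer, because they had not managed to steal Brother Stone's phone number. Ordinary transfers generally have a daily limit, for example $1000/day at Bank of America. To raise it you can add phone verification (SafePass), after which both adding a payee and making a transfer require phone verification. Breaking into a cold sweat yet? If Brother Stone's bank account and phone number had been stolen together, the criminals could have moved all of his money out instantly, and getting it back would have been very difficult.

  7. The following days were a painful round of phone calls to banks to cancel the fraudulent credit cards and correct the address. Each time he dealt with one card, the criminals applied for another, and in the end he had to freeze his credit.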


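To sum up: once criminals have stolen your credit report, what they learn from it, combined with careful planning, is enough for them to drain your accounts faster than you can repair the damage, which is frightening. Yet there is little we can do about credit data being stolen, because buying a car, buying a house, a hacked mailbox and many other situations can all leak it. Add to that the Equifax breach, in which the data of nearly half of all Americans was stolen, and our credit data is no longer safe.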
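The junk-mail flood in step 5 works only if the bank's notice stays buried, so the defensive move is to treat a sudden volume spike as a signal and pull out bank mail from those days first. The following is an added example, not part of the original article; the bank domain, subject keywords, thresholds and sample messages are all constructed assumptions.

```python
from collections import Counter
from datetime import date
from email.utils import parseaddr
from statistics import median
import re

# Assumed watch list: the domains your banks really send alerts from (placeholder).
BANK_DOMAINS = {"alerts.bank.example"}
# Assumed subject keywords for money-movement and profile-change notices.
KEYWORDS = re.compile(r"wire|transfer|payee|address (was )?changed|new card", re.I)

def sender_domain(from_header):
    """Exact domain of the From address; substring matching would trust look-alikes."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def flood_days(messages, factor=10, floor=200):
    """Days whose volume exceeds both `floor` and `factor` times the median day."""
    per_day = Counter(day for day, _, _ in messages)
    typical = median(per_day.values())
    return sorted(d for d, n in per_day.items() if n > max(floor, factor * typical))

def buried_alerts(messages):
    """Bank notices received on flood days: the mail the flood is meant to hide."""
    noisy = set(flood_days(messages))
    return [(day, sender, subject) for day, sender, subject in messages
            if day in noisy and sender_domain(sender) in BANK_DOMAINS
            and KEYWORDS.search(subject)]

def sample_inbox():
    """Constructed data: five normal days, then two days of thousands of junk mails."""
    msgs = []
    for d in range(1, 6):
        msgs += [(date(2024, 1, d), f"News <n{i}@shop.example>", "Weekly deals")
                 for i in range(20)]
    for d in (6, 7):
        msgs += [(date(2024, 1, d), f"x{i}@list{i % 50}.example", "Confirm your subscription")
                 for i in range(3000)]
    msgs.insert(4000, (date(2024, 1, 7), "Bank <notify@alerts.bank.example>",
                       "Wire transfer scheduled to new payee"))
    # A look-alike sender domain on a flood day must not be treated as the bank.
    msgs.append((date(2024, 1, 7), "Bank <notify@alerts.bank.example.lookalike.example>",
                 "Wire transfer"))
    return msgs

if __name__ == "__main__":
    inbox = sample_inbox()
    print("flood days:", flood_days(inbox))
    for hit in buried_alerts(inbox):
        print("review now:", hit)
```

The median baseline assumes the flood covers fewer than half of the days in the window, so run it over several weeks of mail rather than only the noisy days.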


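So how do you keep what happened to Brother Stone from happening to you? Uncle Ji (基叔) has the following advice:

  • Set up a verbal password at every bank where you hold an account. A verbal password is a password that only you know. Once it is set, anyone who calls the bank to change the address or reset the password cannot do so without your verbal password, even if they have all of your other information.

  • Request a credit freeze or a fraud alert. A credit freeze, mentioned earlier, prevents others from pulling your credit report. The drawback is that whenever you need your own credit checked (for example when buying a house or a car), you have to lift the freeze in advance each time. There is a credit freeze guide at http://www.experian.com/blogs/ask-experian/credit-education/preventing-fraud/security-freeze/california/. So the question is: if the criminals know my information, why can't they lift the freeze? Because when you request a credit freeze, Equifax gives you a random password, while Experian and TransUnion ask you to enter a password of your own, and that password is required to unfreeze. A fraud alert sends you an alert every time someone checks your credit; the drawback is that it costs money (except for the temporary 3-month one).

  • Have family members register phone numbers under each other's SSN, for example the husband's number under the wife's SSN and the wife's number under the husband's SSN. This at least rules out the phone number being stolen.

  • Do not share one password across multiple accounts, and use complex, random passwords wherever possible.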


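Equifax is a US consumer credit reporting agency and one of the three major US credit bureaus; the other two are Experian and TransUnion. It is headquartered in Atlanta, Georgia.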


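Equifax was founded in 1899 and holds information on more than 800 million consumers and more than 88 million businesses worldwide. Equifax is a global service provider with annual revenue of US$2.7 billion and 7000+ employees in 14 countries, and its stock is listed on the New York Stock Exchange.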


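Equifax was founded in 1899 in Atlanta, Georgia, as the Retail Credit Company. The company then grew rapidly, and in 1920 it had offices throughout the United States and Canada. By the 1960s, Retail Credit Company was one of the largest credit bureaus in the US, holding files on millions of American and Canadian citizens.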


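Equifax's customers include retailers, insurance companies, healthcare providers, utilities, government agencies, banks, credit unions, personal and specialty finance companies, and other financial institutions.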


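Equifax trades on the New York Stock Exchange under the ticker EFX and is a component of the S&P 500. Its chairman and CEO is Rick Smith, and it had 7000 employees in 2014.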


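In 2013, Equifax had revenue of US$2.304 billion, operating income of US$611.2 million, net income of US$351.8 million, total assets of US$4.54 billion, and total equity of US$2.34 billion.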


Equifax Inc. is a consumer credit reporting agency in the United States, considered one of the three largest American credit agencies along with Experian and TransUnion. Founded in 1899, Equifax is the oldest of the three agencies and gathers and maintains information on over 800 million consumers and more than 88 million businesses worldwide. Based in Atlanta, Georgia, Equifax is a global service provider with US $2.7 billion in annual revenue and 9,000+[3] employees in 14 countries. Equifax is listed on the NYSE.

Equifax was founded in Atlanta, GA, as Retail Credit Company in 1899. The company grew quickly and by 1920 had offices throughout the US and Canada. By the 1960s, Retail Credit Company was one of the nation's largest credit bureaus, holding files on millions of American and Canadian citizens. Even though they still did credit reporting, the majority of their business was making reports to insurance companies when people applied for new insurance policies including life, auto, fire and medical insurance. All of the major insurance companies used RCC to get information on health, habits, morals, use of vehicles and finances. They also investigated insurance claims and made employment reports when people were seeking new jobs. Most of the credit work was then being done by a subsidiary, Retailers Commercial Agency.

Retail Credit Company's extensive information holdings, and its willingness to sell them to anyone, attracted criticism of the company in the 1960s and 1970s. These included that it collected "...facts, statistics, inaccuracies and rumors… about virtually every phase of a person's life; his marital troubles, jobs, school history, childhood, sex life, and political activities." The company was also alleged to reward its employees for collecting negative information on consumers.[4]

As a result, when the company moved to computerize its records, which would lead to much wider availability of the personal information it held, the US Congress held hearings in 1970. These led to the enactment of the Fair Credit Reporting Act in the same year which gave consumers rights regarding information stored about them in corporate databanks. It is alleged that the hearings prompted the Retail Credit Company to change its name to Equifax in 1975 to improve its image.[4]

The company later expanded into commercial credit reports on companies in the US, Canada and the UK, where it came into competition with companies such as Dun & Bradstreet and Experian. The insurance reporting was phased out. The company also had a division selling specialist credit information to the insurance industry but spun off this service, including the Comprehensive Loss Underwriting Exchange (CLUE) database, as ChoicePoint in 1997. The company formerly offered digital certification services, which it sold to GeoTrust in September 2001. In the same year, Equifax spun off its payment services division, forming the publicly listed company Certegy, which subsequently acquired Fidelity National Information Services in 2006. Certegy effectively became a subsidiary of Fidelity National Financial as a result of this reverse acquisition merger (see Certegy and Fidelity National Information Services for further information).

In October 2010, Equifax acquired Anakam, an identity verification software company.[5]

Equifax purchased eThority, a business intelligence (BI) company headquartered in Charleston, South Carolina, in October 2011. eThority is partnering with TALX, a St. Louis-based business unit of Equifax, and will remain in Charleston.[6]

Equifax Workforce Solutions is one of the 55 contractors hired by the United States Department of Health and Human Services to work on the HealthCare.gov web site.[7]





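This article was exclusively commissioned, or compiled and edited, by Atlanta Life Network (亚特兰大生活网). Please credit the source when reposting. Images are taken from the internet, and copyright belongs to the original authors. Disclaimer: the views expressed are solely those of the author.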

