Data Scams: Time to take a Proactive Stand


Today’s topic is a very serious issue with significant repercussions for its victims: the theft of personal data, also known as Personally Identifiable Information (PII). This article will present an example of the aftermath of a data breach, specifically how it can lead to a debt collection scam targeting consumers.

In recent years, there have been a considerable number of data breaches—I’ve even received a few of those notification letters myself. The example I’ll share was provided by a friend who was concerned about a suspicious situation. I was able to help identify the scam and prevent the loss of both finances and additional personal data. With permission, I was able to share this example of a more elaborate debt collection scam.

With that in mind, I want to emphasize how important it is to maintain security and compliance—not only for your own personal data but also for the data you handle at work. When a company experiences a data breach, the stolen information often includes the personal data of everyday people: customers, vendors, or associates.

I’ll break down how the attacker in this case purchased stolen data and used it under the guise of legitimate companies to attempt phishing and gain unauthorized access to accounts. The most important advice I can offer is this: if you encounter a suspicious bill or communication, do not use the contact information provided in the message. Instead, call the company directly using verified contact details. Also, reach out to credit reporting agencies like TransUnion and Equifax to confirm any suspected debt collection activity.

The example I’ll be sharing represents one prong of a two-pronged scam. It begins with a fake delinquent bill from a service the victim has never used.

The second prong of the scam is where we pick things up. In the image below, the attacker references two real companies but makes several mistakes in the letter—just like they often do in phishing emails.

The scammer uses a real company and a real address (confirmed). However, the time zone is Western Asia, which is a red flag. The 800 number used here has been reported in other online financial scams.
A fake account number (confirmed with the original vendor). Phishing site URLs are peppered throughout this fake statement.

I want to emphasize that data breaches not only harm everyday people but also pose serious risks to companies. Through compromised organizations, scammers can reach consumers—many of whom may not have the tools or knowledge to protect themselves. This is why maintaining a secure environment with modern tools is more important than ever.

Please consider taking proactive steps to protect your company, your employees, your customers, and your partners. Everyone has a role to play in preventing these kinds of incidents.

What are some ways you can be proactive, both at home and at work?

Individuals:

  • Foster and promote better online behavior and habits. Watch what you click on or respond to with information about yourself.
  • Always scan, read, and critically evaluate any email or communication that attempts to solicit information.
  • If you weren’t expecting it, don’t trust it. Call and confirm—this is the safest route.

Organizations:

  • Modernize defensive tools and processes to align with current security standards.
  • Proactively monitor assets, data, endpoints, applications, and identities.
  • Commit to continuous improvement through ongoing monitoring with modern tools such as Microsoft Defender XDR or other advanced protection platforms. Assess your current tool set and look for gaps.
  • Avoid reactive spending—it’s often too late by then. If you’ve been attacked once, there’s a high chance it could happen again. It’s time to shift to a proactive defense strategy.
  • Adopt principles such as Microsoft Zero Trust, or other guiding principles, to set strong cloud or hybrid cloud perimeters.

Thank you for taking the time out to read about this important topic.


More articles by Derrick Ferrell
