Scam Alert: Phishing campaign impersonating Equifax

We are aware of an ongoing SMS phishing campaign (also known as smishing) targeting individuals impacted by the recent Optus breach.

The message claims to be from Equifax, advising individuals that they are entitled to a free Equifax subscription which can be accessed by clicking on a malicious link within the SMS.

Individuals are then requested to register via a fraudulent website that impersonates our legitimate credit monitoring products. Once registered, the site presents fake credit monitoring reports and requests additional personal information such as credit card details. 

This is not a genuine website and is not authorised by Equifax Australia. We will never ask you to validate your identity by providing your credit card details. DO NOT click on the link, respond to the sender or enter your personal information or credit card details into the website.  

What to do if you click on a suspicious link
If you clicked on a suspicious link or attachment and are worried about potential phishing, here are some steps you can take:

• Disconnect your device from the internet as quickly as possible. This may help reduce the risk of malware spreading to other connected devices and may prevent a hacker from remotely accessing your device. Reconnect your device once you have completed the security scans and determined your device is clean.
• Scan your device with antivirus or security software. You may be able to run the scan, even if you aren't connected to the internet.
• Update your passwords. If you entered any personal information, such as a password, use an uncompromised device to change that password on any affected accounts.
• Alert any account providers of the breach. If you entered a credit card or bank account number, contact your credit card company or financial institution.
• If you believe information such as your credit card number or bank account details has been compromised, visit IDCare (https://www.idcare.org/) to report the theft and make a recovery plan.

How to protect yourself
Keeping your information safe is our priority. In light of the recent cyber attacks across Australia, it is important we all remain vigilant.  While phishing typically refers to email scams, smishing refers specifically to deceptive text messages. Phishing and smishing are common strategies used by online scammers to steal personal and financial information. If you are one of the millions of Australians who regularly use email, text and other virtual messaging platforms, it is vital to understand and recognise signs of potential phishing and smishing attacks and take the necessary steps to protect yourself:

• Stop before you click
• Never reply or engage with the sender
• Be aware that malicious actors may also try to obtain your personal or financial information or try to obtain access to your computer via telephone by masquerading as Equifax Australia. In such cases, please disconnect the call and contact us via our official phone number as listed on our website to verify the communication (13 8332).

How to register for Equifax services
If you are looking to sign up to an Equifax service, always navigate directly to the Equifax Australia website (https://www.equifax.com.au/personal/) yourself and only log on to a site you know to be genuine, rather than using any links sent via other communication channels such as email or SMS.

Please note, Equifax is offering credit monitoring and identity protection services to affected Optus customers. Eligible customers will be provided with a unique code via Optus. We will never ask for your credit card details to sign up to this service. To obtain your unique code, please message Optus via My Optus app, visit an Optus retail store or call 133 937. For more information regarding the registration process, please visit https://www.equifax.com.au/optus.