The Washington PostDemocracy Dies in Darkness

No, that email from Equifax is not a scam. You are entitled to free credit monitoring for four years.

But the company’s data breach settlement is still a letdown

(Mike Stewart/AP)

I don’t trust any email I receive — even when it’s coming from someone I know.

So, when an email popped into my inbox with the subject line, “Equifax Breach Settlement (Credit Monitoring Instructions and Activation Code),” I nearly deleted it.

But, no, it’s real.

IRS abandons facial recognition plan after firestorm of criticism

In September 2017, Equifax announced a massive breach had exposed the personal information of approximately 147 million people. At the time, the company said hackers exploited a “website application vulnerability.” People’s names, Social Security numbers, birth dates, addresses — and in some instances driver’s license numbers, credit card numbers and other personal information — were compromised, putting millions of folks at risk of identity theft and other fraudulent activity.

In a 2019 complaint, the Federal Trade Commission alleged that Equifax had failed to make a patch in its network after being alerted to the security vulnerability.

Equifax, without admitting guilt, agreed that year to a settlement with the FTC, the Consumer Financial Protection Bureau and 50 states and territories. Part of that settlement was providing credit monitoring.

Because of appeals, the settlement was not finalized until last month. Now millions of people who filed a claim are getting an email from the settlement administrator asking them to sign up for free credit monitoring for four years, which covers their files at all three credit bureaus — Equifax, Experian and TransUnion.

Hacks and data breaches are all too common. Here’s what to do if you’re affected.

Let me tell you how this breach and so many others have affected my life. I’m sure you can sympathize, because no amount of free credit monitoring is going to make up for the incessant scam and sham telephone calls, text messages and emails.

I regularly get calls to extend the manufacturer’s car warranty I never had, or I receive intimidating voice-mail messages that the IRS is going to have me arrested for an overdue tax bill I don’t owe.

Then there are the aggravating phishing emails — hundreds every week. It’s like playing whack-a-mole at a carnival. You delete them, but more keep popping into your inbox.

I don’t believe for a second some clinical research project is going to pay me up to $1,125. I don’t need a cheap cure for erectile dysfunction. UPS isn’t trying to reach me. Samsung, Lowe’s, Dollar General and Apple are not giving me $90.

And AOL/Verizon is not updating my email account. This last one is a con, and it’s snaring a lot of victims.

Recently, I received an email from a friend. It said, “I hope you’re good, do you order from Amazon?”

Keep track of your Venmo, PayPal and other payment app transactions in case the IRS comes asking

I responded by asking how her new job was coming.

Then came this request: “I’ve been trying to purchase a $250 Amazon E-Gift card by email, but it says they are having issues charging my card. I contacted my bank and they told me it would take a couple of days to get it sorted. I intend to buy it for my friend whose birthday is today. Can you purchase it from your end for me, I’ll refund it to you once my bank sorts the issue out, I promise.”

My frugal friend would never make such a request. I knew it was a scam. But here’s the problem, the email address was legit. There were no misspellings to give away the criminal. Turns out, my friend had thought the email from AOL/Verizon was real. In a security slip, she clicked on a link and provided key log-in information, and the crook ultimately took over her email account and sent out dozens of emails asking for money. At least four of her acquaintances jumped to help and, in total, they lost $1,000.

This invasion of your private email inbox and the phone calls that force you to screen everyone are in part due to massive corporate data breaches. Our personal information is so compromised that it’s exasperating trying to play detective and figure out what’s authentic.

533 million Facebook users’ phone numbers, personal information exposed online, report says

It’s ironic that the email offering protection because of the Equifax breach is so suspect that I’m sure many people will ignore it, as I almost did.

And to add insult to our privacy injury, to sign up for the credit monitoring service, being offered by competitor Experian IdentityWorks, you have to provide the very information that was stolen from Equifax.

So, should you sign up?

The answer falls in the category of “whatever.”

Even with credit monitoring, your information can still be used by identity thieves. The notices you get as part of a credit monitoring service are after the fact — after something suspicious or fraudulent might have happened. The only thing we have left is to try to catch an identity thief before too much damage is done.

Still, you have to take whatever precautions you can. With your personal information, identity thieves can do a lot of financial harm. They can trick you into giving them access to your bank account, or persuade you to send them money via gift cards to avoid the suspension of your Social Security number. (It’s a lie.) They can even get medical treatment using your health insurance information, leaving you with the bill.

I saved my sister from a Social Security scam. Listen to the actual call.

Here’s something else that is likely to happen. The scammers follow the news, too. You will probably get fake emails and phone calls about the Equifax breach and the identity protection being offered. So, read the following carefully:

— The email should have the following address: Triple-check this before responding or clicking any links.

— The website to claim the free daily credit monitoring is at To get the service, you will have to enter the activation code in the email you received from the settlement administrator. You can also call Experian at 1-877-251-5822. You must use the activation code by June 27.

— If any call or correspondence via text or email says you have to pay anything, it’s 100 percent a scam. This service is free for you. You do not need to provide any payment information to enroll, and you do not need to cancel the service when it ends.

— You will not get a call about the settlement, the FTC points out. However, you can reach the Equifax settlement administrator at 1-833-759-2982.

How to duck spam and data breaches with throwaway numbers, email addresses and credit cards

— If you want to know more about the breach, go to

Think of this identity protection being offered as you would a sturdy umbrella you might use doing a heavy rainstorm. It gives you some coverage, but you can still get wet.