From 2012 through 2016, several hacks penetrated Yahoo systems and stole billions of records.
While the $117.5 million is not nearly as big as the $700 million settlement that credit agency Equifax agreed to for its 2017 data breach involving 147 million records, it's still enough of a phish bait to use social engineering and deceive people in disclosing their personal information. Cybercriminals are going to benefit from Yahoo Settlement phishing scams.
They are going to promote not only cash, but Yahoo is also offering two years of free credit-monitoring services to anyone who had a compromised account. If the money sounds better, they can ask for a cash payment of $100 as long as they verify that they've already signed up for a credit-monitoring service.
Bad actors are going to use the "urgency" trick. The settlement is a set amount, meaning there’s only so much cash to go around. If too many people sign up for the cash option, they will have to split the pool. If someone had to spend time or money dealing with identity theft or other problems they believe stemmed from the Yahoo hacks, they can file a claim for up to $25,000 in out-of-pocket losses. All in all, enough bait to trick people.
I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:
ALERT: Cybercriminals are now trying to trick you into filing a Yahoo claim and get a $100 payment because your personal data was in one of the big Yahoo data breaches. They are sending phishing attacks that look like they come from Yahoo and when you click on the links, you wind up on a fake website that looks like it's Yahoo, but will try to steal your personal information. Don't fall for it!
For KnowBe4 customers, we have two templates ready so that you can inoculate your users against this attack. I suggest you send them one of these in the coming days.
They are under Current Events:
Yahoo: You may be entitled to a Class Action Settlement
Yahoo: Class Action Settlement
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc.