In case you missed the memo, if you’ve ever stayed at a Marriott before…there’s a good chance that all your personal details now belong to hackers. Over 500M people’s information was compromised making this one of the largest data breaches of all time. Given that Marriott is in the middle of a heated labor dispute, it’s safe to say they have been a prime target across-the-board.
Sadly, when a company is down, especially after they’ve suffered a huge data breach, scammers start to come out of the woodwork. As I’ve covered before, one of the first places scammers look when they’re starting a scam – domains of course.
Well this time around security experts are trying to stay one step ahead of scammers by registering Trademark infringing names on behalf of Marriott and using them to warn users of potential scam activity.
Often what happens after a data breach, scammers will capitalize on the news cycle by tricking users into turning over their private information with their own stream of fake messages and websites. It’s more common than you think. People who think they’re at risk after a breach are more susceptible to being duped.
Companies should host any information on their own websites and verified social media pages to stop bad actors from hijacking victims for their own gain. But once you start setting up your own dedicated, off-site page with its unique domain, you have to consider the cybersquatters — those who register similar-looking domains that look almost the same.
Take “email-marriot.com.” To the untrained eye, it looks like the legitimate domain — but many wouldn’t notice the misspelling. Actually, it belongs to Jake Williams, founder of Rendition Infosec, to warn users not to trust the domain.
“I registered the domains to make sure that scammers didn’t register the domains themselves,” Williams told TechCrunch. “After the Equifax breach, it was obvious this would be an issue, so registering the domains was just a responsible move to keep them out of the hands of criminals.” (Source – Techcrunch)
What does this mean for you? Be very careful if you get an email from “Marriott” talking to you about anything remotely close to updating your account information after the data breach. Sure, there are legitimate emails going around but scammers are getting good at faking emails and those scam emails look almost exactly the same as the real thing.
For now, it’s safe to say that Marriott probably isn’t the most fun place to work…and for those of us who have stayed with Marriott before, which is probably a lot of us, it’s time to start monitoring your identity because all your information is probably out there.