The Marriott Breach: How Fake Emails and Other Scams Will Make It Even Worse

After a major cyber breach like the latest Starwood (Marriott) breach, millions of people worry about their stolen data. And millions of other people just yawn.

Whether you’re worried about breaches or are bored with them, you need to know this: scammers will take full advantage of all the buzz and try to trick you. Here’s what to look out for:

Fake emails

Watch out for emails that claim to be informing you about the breach. Email phishing scams can range from notices that look like they’re from Marriott to fake class-action suits to requests from other hotel chains to change your password. Because people are concerned about the hack, they aren’t as careful about which links they click.

Marriott has added to the confusion. Their email to customers announcing the breach came from a third-party email address, and the domain didn’t load when you clicked it. It seemed like a fake email itself. The official Marriott webpage that provides details about the breach, https://answers.kroll.com/, isn’t on a Marriott- or Starwood-branded website. Rather, it’s on the Duff & Phelps website, a global firm that specializes in managing cybersecurity issues among other things. Talk about confusing.

If you get an email related to the breach, don’t click any links. Instead, navigate to the website yourself.

Fake websites

Be careful when visiting websites related to the hack that purport to provide information about identity protection. Imposter websites are one of the most effective cyber tricks — they work. Designers create copycat websites that look like the real thing except for perhaps one letter in the URL. If you don’t know that Marriott is spelled with two Rs and two Ts, or you don’t bother to look closely, you can be clicking around a cloned, malicious site without realizing you’re compromising your computer.

Following the Equifax hack last year, Equifax itself tweeted out a link to a fake website to customers who were looking for information on the hack. Equifax had created a site specifically for the hack with the URL equifaxsecurity2017.com. But someone else created a site with the URL securityequifax2017.com. Luckily for the Equifax customers (and for Equifax), the cloned site was set up by a software engineer who wanted to prove how easy it is to fool people. His site got 2,000 hits before the Twittersphere went nuts with his fake-site news.

You can be confident that cybersquatters have parked themselves on URLs similar to major companies, waiting to pounce when the time is right.
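As an added example (not code from the original post), here is the kind of check a defender can run over newly observed domain names, such as those surfacing in certificate-transparency logs or a mail gateway, to flag brand lookalikes of the securityequifax2017.com variety. The brand list and the sample domains in the test are constructed for illustration.

```python
import re
from typing import Optional

# Constructed brand list; a real deployment would load the organisation's own brands.
BRANDS = ["marriott", "starwood", "equifax"]

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (catches 'mariott', 'marriot', 'marriottt')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_label(domain: str) -> str:
    """Strip scheme and path, then return the label left of the TLD.
    Naive about multi-part suffixes such as co.uk; fine for this illustration."""
    host = re.sub(r"^[a-z]+://", "", domain.strip().lower()).split("/")[0]
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def lookalike_reason(domain: str, brands=BRANDS) -> Optional[str]:
    """Return why `domain` resembles a brand, or None if it is the brand itself
    or unrelated. Both the brand embedded in extra words (securityequifax2017)
    and near-misspellings (mariott-rewards) are flagged."""
    label = registrable_label(domain)
    if label in brands:
        return None  # the company's own registrable label
    # Compare the whole label and each alphabetic run inside it
    candidates = {label, *re.split(r"[^a-z]+", label)} - {""}
    for brand in brands:
        for cand in candidates:
            if cand == brand:
                continue
            if brand in cand:
                return f"embeds brand '{brand}' in '{cand}'"
            if levenshtein(cand, brand) <= 2:
                return f"'{cand}' is within 2 edits of '{brand}'"
    return None
```

Note that a legitimate incident site like equifaxsecurity2017.com trips the same check as its impostor, which is the post's point: the URL alone cannot tell you which is real, so type the company's known domain yourself.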

Fake Google search results

Double-check your search results. Yes, Google can deliver results that lead you places you don’t want to go — such as malicious or compromised websites. Cyber scammers who know how to use Search Engine Optimization (SEO) techniques can be as effective as legitimate SEO experts. And they can get their websites listed on the first page of Google results.

Last year, a scam involving a bank tricked unsuspecting Google users into visiting websites that had been hacked and changed. The scammers had loaded malware onto the hacked sites and made changes to the sites so that they’d show up for specific keywords. When people searched for those keywords, Google delivered the hacked website in the search results. Then, once visitors were on the site, the malware was automatically downloaded via a series of hidden redirects.

Criminals don’t have to build fake websites to scam people who are distracted or worried. They can just infiltrate someone else’s.

And remember that Google ads appear in search results in the same way that websites appear organically — via keywords. Marriott is currently running a Google AdWords campaign that places an ad for its benignly named “Starwood Database Incident” at the top of Google results for many different keywords. Anyone can set up a Google AdWords campaign, including scammers.

So if you search for “Marriott hack was my information stolen” or something remotely similar, pay attention to the URLs that show up in your search results, including the ads. If you’re concerned your information was stolen in the Starwood breach, you can:
