There doesn’t appear to be an end in sight for the recent Equifax data breach that compromised the personal information of more than 143 million people. After trying to assuage customers by offering ID and credit score monitoring, the company came under fire when they tried to insert some fine print in the monitoring agreement that waived a consumer’s right to sue as a result of the stolen data. Then, the company admitted the hackers had gained entry via a security issue that had a patch available—Equifax just hadn’t bothered to implement it.

The latest issue: On September 14, the Federal Trade Commission (FTC) posted a warning on their blog cautioning consumers to be mindful of phone scammers posing as Equifax representatives.

“It’s a scam,” FTC employee Lisa Weintraub Schifferle writes. “Equifax will not call you out of the blue.”

Schifferle advises that anyone receiving a call from someone posing as an Equifax employee hang up immediately, even if your caller ID indicates it’s genuine. (Spoof numbers can mimic virtually any business.)

Unfortunately, that’s not all victims of the breach have to worry about. CBS News reports that information mined from the hack could be used in a scam to file tax returns and receive a refund—the person with the compromised identity won’t know it until he or she files their real return and is told it’s already been processed. If this happens, it's best to phone the FTC’s Identity Theft Hotline (877-438-4338) for advice on how to proceed.

Experts are also asking consumers to be on guard against “spear-phishing,” the practice of sending emails that appear to be from banks or other businesses that have enough of your personal information to look legitimate. Clicking through might open the door to malware that can steal even more of your data. It’s best to initiate contact with financial institutions yourself and avoid clicking on any links. When it comes to your financial and personal information, a little paranoia can go a long way.

[h/t Lifehacker]