Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Someone Made a Fake Equifax Site. Then Equifax Linked to It.--NY Times
Old 09-21-2017, 08:24 AM   #1
Dryer sheet aficionado
tuckeverlasting's Avatar
 
Join Date: Apr 2011
Location: The Emerald City
Posts: 42
Someone Made a Fake Equifax Site. Then Equifax Linked to It.--NY Times

by Maggie Astor

People create fake versions of big companies’ websites all the time, usually for phishing purposes. But the companies do not usually link to them by mistake.

Equifax, however, did just that after Nick Sweeting, a software engineer, created an imitation of equifaxsecurity2017.com, Equifax’s page about the security breach that may have exposed 143 million Americans’ personal information. Several posts from the company’s Twitter account directed consumers to Mr. Sweeting’s version, securityequifax2017.com. They were deleted after the mistake was publicized.

By Wednesday evening, the Chrome, Firefox and Safari browsers had blacklisted Mr. Sweeting’s site, and he took it down. By that time, he said, it had received about 200,000 hits.

Fortunately for the people who clicked, Mr. Sweeting’s website was upfront about what it was. The layout was the same as the real version, complete with an identical prompt at the top: “To enroll in complimentary identity theft protection and credit file monitoring, click here.” But a headline in large text differed: “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”

Continue reading the main story

https://www.nytimes.com/2017/09/20/b...pgtype=article
__________________

__________________
tuckeverlasting is online now   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 09-21-2017, 08:31 AM   #2
Recycles dryer sheets
Nightcap's Avatar
 
Join Date: May 2012
Location: Brewster
Posts: 238
Sweet creeping Cthulhu on a crutch! Who the hell is running their IT department?

Are TransUnion and Experian better, or have they just not screwed up in public yet?
__________________

__________________
Nightcap is offline   Reply With Quote
Old 09-21-2017, 08:37 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 15,698
Quote:
Originally Posted by Nightcap View Post
Sweet creeping Cthulhu on a crutch! Who the hell is running their IT department?

Are TransUnion and Experian better, or have they just not screwed up in public yet?
Unfortunately I suspect it's the latter. Experian has had a couple of famous breaches, but not as comprehensive as the Equifax one, AFAIK, and maybe they've been motivated to clean up their act a bit since being embarrassed.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 09-21-2017, 08:43 AM   #4
Dryer sheet aficionado
 
Join Date: Sep 2017
Posts: 38
Quote:
Originally Posted by Nightcap View Post
Sweet creeping Cthulhu on a crutch! Who the hell is running their IT department?
Did someone on Equifax IT tweet the bad link?

You are blaming the gun and should be blaming the shooter.
__________________
ace8 is offline   Reply With Quote
Old 09-21-2017, 09:16 AM   #5
Recycles dryer sheets
Nightcap's Avatar
 
Join Date: May 2012
Location: Brewster
Posts: 238
Quote:
Originally Posted by ace8 View Post
Did someone on Equifax IT tweet the bad link?

You are blaming the gun and should be blaming the shooter.
Not sure what that means, but as a career IT person I can tell you that it's brain-dead to set up a new domain if you're using it to collect sensitive information. If you look at the URL line in your browser when you're at Equifax, you'll see a lock, or the URL in green, indicating that it's an encrypted link and the other end is in fact "equifax.com." Do you have any idea who "equifaxsecurity2017.com" is? You should not trust that address. You should certainly not enter sensitive information into that website, but that's what Equifax expects you to do.

The biggest security flaw on the Internet is people. They get an email saying, "Hello, I am you bank. Your account may have be hacked. Please to provide your full name, social security numbers, account number, PIN..." and they actually comply. They get sent to a website they've never heard of and, just because they see Apple's log, they try to log in with their Apple ID and password, handing that information over to evildoers.

In sum: Equifax is manifestly incompetent.
__________________
Nightcap is offline   Reply With Quote
Old 09-21-2017, 09:25 AM   #6
gone traveling
 
Join Date: Mar 2017
Location: New York City
Posts: 2,838
Wow, this is bad, Some of you IT security retirees with great credentials(not necessary as we saw a music major was the old boss), apply for the job. Ask for big bucks Im sure they were already paying 7 figures. If you need a driver send me a PM, Im available after mom goes to bed.
__________________
Blue Collar Guy is offline   Reply With Quote
Old 09-21-2017, 09:36 AM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,162
The big problem is authenticating who one is talking to on the internet. Some good minds are working on that problem and we should see some improvements if the people in charge will implement them. (I'm looking at you American bankers who still won't do chip-and-pin properly.)

But, I fear that the same very vulnerable people who hire some drive-by 'contractor' to fix fake problems with their roof will still be taken by criminals.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-21-2017, 09:59 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 15,698
Quote:
Originally Posted by ace8 View Post
Did someone on Equifax IT tweet the bad link?
Not just once either! Apparently several incorrect links!!!
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 09-21-2017, 01:43 PM   #9
Recycles dryer sheets
 
Join Date: Feb 2013
Location: San Jose
Posts: 165
Quote:
Originally Posted by tuckeverlasting View Post
By Wednesday evening, the Chrome, Firefox and Safari browsers had blacklisted Mr. Sweeting’s site, and he took it down. By that time, he said, it had received about 200,000 hits.
https://www.nytimes.com/2017/09/20/b...pgtype=article
Unfortunately I'd surmise that any personal data entered would be safer on Mr Sweeting's site.
__________________
dunkelblau is offline   Reply With Quote
Old 09-21-2017, 01:44 PM   #10
gone traveling
 
Join Date: Mar 2017
Location: New York City
Posts: 2,838
Quote:
Originally Posted by dunkelblau View Post
Unfortunately I'd surmise that any personal data entered would be safer on Mr Sweeting's site.
__________________

__________________
Blue Collar Guy is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Poll: Is the flat market "good times" or "bad times" papadad111 Stock Picking and Market Strategy 33 06-04-2016 09:44 AM
It was the best of times, it was the worst of times... freebird5825 Other topics 32 12-27-2008 09:22 PM
How Many Know Someone Who Retired Then Became Seriously Ill Or Died? mountaintosea Health and Early Retirement 37 02-06-2007 10:44 PM
Long working hours linked to high blood pressure Nords Other topics 3 08-29-2006 03:45 PM

 

 
All times are GMT -6. The time now is 04:54 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.