Equifax tweets sent victims to phishing site

The site looks exactly like the real Equifax support site but scrolling down the page reveals some of the shortcomings in how Equifax built its site, including failing to get a reputable digital certificate to authenticate the site and encrypt data transmitted to it. The company's Twitter account is only making matters worse.

The company did not provide an explanation for how it made such an obvious mistake, particularly at a time when its practices were already under the spotlight after Equifax suffered a massive security breach. The links have been deleted, but screenshots show it was not a one-time flub. By using domains that are similar to the domains of a bank or Web service and copying the overall look and feel of the site, attackers can often fool people into thinking they're visiting a site they know and trust, rather than a malicious one set up for purposes of fraud.

Equifax's response to its data breach has been a total shitshow, something the company seems determined to remind us of each and every day. Instead of offering help, the site mocks Equifax for "using a domain that's so easily impersonated by phishing sites". Soon after it launched, some browsers flagged it as a phishing site.

Since the consumer received the link from an official service representative, they would have little reason to question the legitimacy of the site and would likely enter personal information into forms on the site without giving it a second thought.
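The failure described here is an official channel sending out a domain that only resembles the real one. As an added example (not from the article or from Equifax), this Python sketch screens a draft support reply against an allowlist before it is posted; the hostnames are constructed placeholders, since the article does not name the real or fake domains, and the function names are hypothetical.

```python
import re
from collections import Counter
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts staff may send to customers.
OFFICIAL_HOSTS = {"examplecorpsecurity2017.com", "www.examplecorpsecurity2017.com"}

def _label(host):
    """Second-level label of a host (naive: assumes a single-label TLD)."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host

def classify_link(url, official_hosts=OFFICIAL_HOSTS):
    """Return 'official', 'lookalike', 'unknown' or 'reject' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "reject"
    if parts.scheme != "https" or not host:
        return "reject"
    if host in official_hosts:
        return "official"
    label = _label(host)
    for good in official_hosts:
        good_label = _label(good)
        if (Counter(label) == Counter(good_label)      # same words, reordered
                or good_label in host                   # official name embedded in host
                or SequenceMatcher(None, label, good_label).ratio() >= 0.8):  # near-typo
            return "lookalike"
    return "unknown"

def screen_message(text, official_hosts=OFFICIAL_HOSTS):
    """Return (url, verdict) for every link in a draft that is not official."""
    blocked = []
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        url = url.rstrip(".,;:!?)")
        verdict = classify_link(url, official_hosts)
        if verdict != "official":
            blocked.append((url, verdict))
    return blocked

# Constructed draft reply with the words of the domain transposed.
DRAFT = "For more information please visit https://www.securityexamplecorp2017.com."

if __name__ == "__main__":
    for url, verdict in screen_message(DRAFT):
        print(f"BLOCK {verdict}: {url}")
```

Only an exact allowlist match is sendable; the lookalike heuristics exist to tell the reviewer why a link was blocked, not to decide what is safe.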

Fake Equifax breach-response site created by Nick Sweeting.

And it appears even Equifax was duped by the fake site.

He told CNN Tech the move was a part of an effort to get Equifax to change the hosting to the company's secure website.

Nick Sweeting, the web developer who created the dummy website September 8, messaged me over Twitter that it only took him 20 minutes to make the clone. He used a simple content retrieval tool, the wget computer program, to copy Equifax's real website and host it on his own.

"Their response to this incident leaves millions vulnerable to phishing attacks on copycat sites", the fake website states.

Equifax has not yet responded to Slate's requests for comment.


