Equifax Sent Consumers To Fake Phishing Site For TWO Weeks [VIDEO]

The problems that consumers have regarding the massive Equifax data breach won’t be going away anytime soon. We wrote about Equifax here and here. Equifax’s response is a raging inferno of incompetence.

Well over 44 million in the UK had their data compromised. Then Hold Security broke the news that Equifax’s South America operation was so compromised that it had to be shut down. Why? The hackers gained access because the system password was Admin/Admin! Seriously, you cannot make this stuff up.

Then we find out that the Chief Security Officer for Equifax, Susan Mauldin, had absolutely THE best credentials for an IT job…EVER!

Yes, you read that correctly. Now we find out that Equifax wasn’t even monitoring the site THEY created to “help” consumers get information regarding the security breach!

For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website, the sole purpose of which is to expose Equifax’s reckless response to the breach.

Can ANYONE at Equifax please explain WHY they didn’t create a subdomain on the original Equifax site and direct consumers there instead of creating a site that allowed for massive phishing scams that further imperil consumers? 

To illustrate how idiotic Equifax’s decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words “security” and “equifax” around.) Sweeting’s website looks slightly different than the official Equifax website, as you can see below, but only because he isn’t actually trying to dupe anyone:

Yes folks, This. Is. Equifax.

That’s not all. Music Major Mauldin, who abruptly resigned along with CIO David Webb, KNEW there were issues with the system. They were notified in MARCH of this year of the Apache Struts problem and given extremely clear instructions on how to fix the problem…and they didn’t.

Equifax is facing considerable heat from Congress as well as several state attorneys general on this firestorm. The timing of the $1.8 million in stock sales that three top execs made after the breach was discovered is understandably NOT sitting well with anyone.

Furthermore, this via KrebsOnSecurity makes Equifax’s response worse, not better.

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax.

What is different about these alerts is that Visa and MasterCard are specifically naming Equifax as the culprit. 

In a non-public alert sent this week to sources at multiple banks, Visa said the “window of exposure” for the cards stolen in the Equifax breach was between Nov. 10, 2016 and July 6, 2017. A similar alert from MasterCard included the same date range.

In other words, Equifax totally ‘effed up.

Equifax has completely botched their response at all levels.

It doesn’t help that Equifax has chosen to engage in a snippy blame game while leaving consumers twisting in the wind.

The Federal Trade Commission is now investigating. I wouldn’t count on them getting results anytime soon.

KrebsOnSecurity informs us that Experian, TransUnion, AND Equifax are pushing consumers to use “credit locks” rather than credit freezes. Yet many are getting error messages or their accounts are billed more than once for the “service.” Will this safeguard your data? NO.

In short, TransUnion’s credit lock service (and a similarly named service from Experian) doesn’t prevent potential creditors from accessing your files, and these dubious services allow the credit bureaus to keep selling your credit history to lenders (or identity thieves) as they see fit.

Oh and guys? That PIN that Experian gives you so you can unlock your frozen credit file if you need to? Read THIS on how Experian’s protocols regarding PINs and KBAs are completely insecure.

So, what do we do now? Here’s an idea!

https://twitter.com/JusticeWillett/status/908494213066690560

Another is to halt legislation credit bureaus are lobbying for that would LIMIT consumers’ ability to sue for sloppy, non-existent security of their personal information and cap damages at $500,000!

This toxic mess of a security breach by Equifax and their atrociously bad response is going to get worse. Will it ever get better? Probably not.

2 Comments
  • GWB says:

    The hackers gained access because the system password was Admin/Admin!

    And this is why any lawsuit against Equifax will be successful – they showed utterly gross negligence in their duties to safeguard information.

    Equifax hires woman with MUSIC COMPOSITION degrees to be Chief Security Officer

    Honestly, I wouldn’t be that worried about this – lots of folks at the CEO level got degrees in things that aren’t what they’re doing now, 30 years later – if the level of incompetence weren’t so vividly demonstrated in this incident.

    warning them about more than 200,000 credit cards that were stolen

    Wait, so why would credit card accounts be on the Equifax servers? If you mean CC numbers, why not say so? Because that’s a lot less troublesome than “credit cards” being stolen.

    cap damages at $500,000

    As long as that’s 1) per violation*, per individual and 2) indexed to inflation or house values, whichever has more growth in any given year, from the original date of the security lapse (NOT the breach).
    (* I define a “violation” as an incident, with a comprehensive single failure of security, or per security failure mode. Oh, and the breach would be (at least) one violation, the not noticing for 6 months would be another, not telling anyone would be another, and then selling your stock would be yet another.)

  • TRX says:

    > Admin/Admin

    Even better, there are claims that the “Permissive Action Link” on American nuclear weapons was “00000000” for nearly twenty years.

    USAF now denies this, but a career in IT has shown that the higher a bureaucrat’s status is, the more they object to even minimal security that might cause them inconvenience.
