Date: 2017-09-20
Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks (gizmodo.com) 47
An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company's official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handling the "cybersecurity incident." But the decision to create "equifaxsecurity2017" in the first place was monumentally stupid. The URL is long and it doesn't look very official -- that means it's going to be very easy to emulate. To illustrate how idiotic Equifax's decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words "security" and "equifax" around.) As if to demonstrate Sweeting's point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting's fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th.
Is someone paying them to be this stupid? (Score:5, Insightful)
Because it's incredible how stupid this whole thing has been.
How can anyone be this bad at their core business?
Re: (Score:3, Insightful)
the "free market" at work: screwing over ordinary people because who's going to stop them?
Re: (Score:2)
Hiring competent people would eat away at profits!
Re: (Score:2)
vote to sweep the entire company clean....and start over.
Won't happen. There is no way they can afford that many multi-million dollar golden parachutes at the same time. And you're not going to see a single executive actually punished over this.
Re: (Score:3)
Do you think they'd then be required to sell their database info
I thought I heard it's already available online somewhere. Can't put my finger on where I heard that though.
Re: (Score:2)
My thought exactly.
Re: (Score:2)
How can anyone be this bad at their core business?
Their core business is, literally, collecting and sharing information. They shared it with a few too many people in this case, but hey, can you blame an over-achiever?
Re: (Score:2)
Their core business is maintaining an oligopoly on an essential service, and they do that well. Keeping information safe is not part of their core business, and thus, they pay little attention to it.
Re: (Score:2)
Generating an arbitrary number that affects their cattle's ability to get a loan? That's their core business.
Re: (Score:2)
From Slap-On-The-Wrist fines for the Financial Industrial Complex, to the Too-Big-To-Fail bailouts for the US auto industry, tell me again how obscene incompetence and criminal behavior has been anything short of rewarded?
THAT is how they can be this bad. Turns out it's actually worth it to put in a fucking half-assed effort.
Put them to death! (Score:3)
SFWeekly is calling for all Equifax employees to be executed [sfweekly.com].
In all seriousness, the Equifax credit freeze does not work very well, and their freeze needs to work over Experian and TransUnion (and Equifax should pay for it).
Additionally (Score:3)
It's worth pointing out that it's pretty stupid to use a link obfuscator (aka short URL service) in this situation... which this "Tim" person from Equifax also did - he used a link shortener to direct people to the fake website!
(I'd argue link shorteners are evil in general, but that's a discussion for another day)
Re: (Score:2)
(I'd argue link shorteners are evil in general, but that's a discussion for another day)
Yeah, it seems like obfuscation of links causes more problems than I'd like. But in a world where lots of common services have a character limit (not just Twitter--even Slashdot's signature function is severely limited), sometimes a shortener is a necessity.
Wow (Score:2)
The level of Equifax's ongoing idiocy is amazing. Almost impressive, even.
The fact that they can't even get the most basic security things right strongly suggests that their core business activities are likely to be run with the same amount of incompetence.
Re:Wow (Score:4, Funny)
Don't forget that they have a talent deficit: they just lost their head of information security.
I'm an expert -- I have a degree (Score:1)
In music.
It's still not safe! (Score:4, Insightful)
This leads me to believe that the hackers didn't just get the website and the database. They got the entire network and that Equifax up until today is unsure if their network is safe yet. Equifax's decision to host the new website in CloudFlare is to make sure that they don't give additional information to hackers who are ALREADY in.
Re: (Score:2)
So after all these security fuckups, you think they're competent enough to get the idea that they have no idea whether their network is compromised?
Re: (Score:2)
So instead of giving my information to the hackers that have breached Equifax's network, I get to hand it over to the hackers that have breached CloudFlare's network. Better or worse?
No network is secure.
Re: (Score:2, Insightful)
They could have easily created a subdomain under the official equifax.com domain but still made the IP under Cloudflare or whatever they wanted to do. They're just idiots.
The only reasonable solution... (Score:2)
Wall street is also turning into a clickbait scam! (Score:1)
For Immediate Release and Action (Score:2)
You're all fired, for cause, effective immediately. Concordant with a for-cause firing, any and all severance benefits are rendered null and void. Surrender all company property, including cell phones and computers, to HR immediately. Please collect your personal effects; security will be instructed to escort you off company property no later than 18:00 EDT.