
Stone Cold Lead Pipe Lock Prediction: Equifax Will Be Changing Its Name Within 18 Months

Whether it be via bankruptcy, a merger, or just an internal rebranding, I am pretty sure the Equifax name will not exist in 18 months**. I had a class in business school that studied cases from a number of corporate PR emergencies -- J & J's aggressive handling of the Tylenol poisoning cases is frequently studied as the gold standard for how to handle such a crisis.  However, most of the cases involved companies repeatedly firing additional rounds into their foot.  Equifax seems to be working from this latter script: (via Zero Hedge)

“Today, Equifax ended up creating that exact situation on Twitter. In a tweet to a potential victim, the credit bureau linked to securityequifax2017.com, instead of equifaxsecurity2017.com. It was an easy mistake to make, but the result sent the user to a site with no connection to Equifax itself. Equifax deleted the tweet shortly after this article was published, but it remained live for nearly 24 hours.”

Further research revealed three more tweets that had sent potential victims to the same false address, dating back as far as September 9th. These tweets have also since been deleted.

“Luckily, the alternate URL Equifax sent the victim to isn’t malicious. Full-stack developer Nick Sweeting set up the misspelled phishing site in order to expose vulnerabilities that existed in Equifax's response page. ‘I made the site because Equifax made a huge mistake by using a domain that doesn't have any trust attached to it [as opposed to hosting it on equifax.com],’ Sweeting tells The Verge. ‘It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.’”

I recently froze my credit history at the four major credit monitoring companies. I was super paranoid about making sure the domain I was entering my personal data into was a subdomain of the company's domain. Freeze.equifax.com would probably be safe. But equifax.freeze.com would very likely be a phishing site. As would be www.equifaxfreeze.com or www.freeze.com/equifax. I know from training our employees on subdomains we use in our own company's web site that 99% of my employees do not understand the differences between these addresses.
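The subdomain test described above, written out as an added example (it is not code from the original post or from Equifax). It reads the hostname right to left and compares whole labels against equifax.com, next to the "brand name appears somewhere" check that most people apply by eye; the function names are illustrative.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "equifax.com"  # the company's own domain, as named in the post


def hostname_of(address: str) -> str:
    """Return the lowercase hostname of an address typed with or without a scheme."""
    if "://" not in address:
        address = "//" + address  # makes urlsplit treat the leading part as the host
    host = urlsplit(address).hostname or ""
    return host.rstrip(".").lower()


def is_under_domain(address: str, domain: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is `domain` itself or a subdomain of it.

    Hostnames are read right to left, so the comparison is made on whole
    labels at the right-hand end, never on a substring or the URL path.
    """
    host_labels = hostname_of(address).split(".")
    domain_labels = domain.lower().split(".")
    return host_labels[-len(domain_labels):] == domain_labels


def naive_check(address: str, brand: str = "equifax") -> bool:
    """The mistaken mental model: the brand appears somewhere in the address."""
    return brand in address.lower()


# Addresses taken from the post and the article it quotes.
ADDRESSES = [
    "Freeze.equifax.com",       # subdomain of equifax.com
    "equifax.freeze.com",       # subdomain of freeze.com
    "www.equifaxfreeze.com",    # a different registered name
    "www.freeze.com/equifax",   # brand only in the path
    "securityequifax2017.com",  # the address tweeted by mistake
    "equifaxsecurity2017.com",  # the response site; its name alone proves nothing
]

if __name__ == "__main__":
    for address in ADDRESSES:
        print(f"{address:26} naive={naive_check(address)!s:5} "
              f"under {TRUSTED_DOMAIN}={is_under_domain(address)}")
```

Every address passes the naive check, while only Freeze.equifax.com passes the label comparison, which is the distinction the paragraph above describes.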

 

** Because I can be a jerk but in generally harmless ways, for several years after the Valujet crashes in the Florida swamps I told my friends -- who were flying AirTran to save money -- that they should consider flying Valujet, which I claimed was even cheaper on those routes.  They said no way they would fly Valujet after Valujet had two crashes in a row that were ascribed to lax safety standards.  AirTran at the time was Valujet with the name changed.