Custom Search

September 21, 2017

Lord Have Mercy! Equifax has been sending consumers to fake site for 2 weeks

As my momma used to say "when it rains, it pours".  If that's the case, Equifax is in the middle of a Hurricane Harvey-esque Cat 5 hurricane of pouring rain.

After "forgetting" to install a security patch to its website which led to the largest data breach in the history of ever, then "forgetting" to tell their 143 million victims that they are and will forever be at risk for identity theft for nearly two months, then "forgetting" to tell anyone about an earlier data breach that Equifax has now confirmed did indeed happen, but "remembering" to let their top execs know about both breaches so they could several million dollars worth of Equifax stock before Equifax stock priced dropped by over a third of its price and "remembering" to donate to their favorite Congressman Barry Loudermilk so he would propose a completely idiotic bill that would provide immense protection to Equifax and the other credit bureaus at the expense of his constituents and the rest of America, NOW it has come to light that, for approximately two weeks, Equifax has been sending victims to a fake website.

Yes, a fake website.  A spoof.  One that puts those victims at even greater risk of identity theft.

Instead of using its own website to help victims of its data breach, Equifax created a whole new site  Guess that added the year so they can keep their breaches straight.  The problem with using a new website instead of their existing one is that phishers and scammers can much more easily create fake websites using variations of the legitimate website's address.  This would include reversing the order of the words or making sites with common typos of the real site name.  In this instance, a mere day after the launch of the legitimate site, scammers had created 194 phishing websites that used addresses similar to the legitimate site.

What's worse than Equifax's boneheaded move in creating a new site instead of using its own site?  Equifax directed victims of its data breach to the WRONG site.  On three separate occasions, Equifax tweeted the incorrect URL for its victims to use. Two of the tweets occurred on September 9 and the last on September 18 (i.e. three days ago!).

The Fair Credit Reporting Act requires consumer reporting agencies such as Equifax to follow reasonable procedures to assure maximum possible accuracy of the credit reports they generate regarding consumers.  I have been suing Equifax for 18 years for violating that section by failing to have, much less follow, reasonable procedures to assure maximum possible accuracy.  Now the public is getting a taste of what I have been seeing for years ... ignorance on top of ineptitude.

Please remember this if and when your Congressman or Senator votes in favor of Barry Loudermilk's bill designed to harm consumers by protecting Equifax from its own gross negligence and boneheadedness.

No comments:

Post a Comment