If you live in the United States there’s a good chance that you already know what Equifax is, and if you don’t already know what Equifax is then you’re probably going to get a not-so-great first impression of the business from this article. Equifax is one of three companies required to provide credit reports for US citizens by the federal government.
Last month, Equifax announced that they had been hacked all the way back on July 29th, 2017. While this hacking was a huge issue, I already covered this topic extensively last month in an article about the July Equifax hack, and Equifax has also had some more mishaps sense then.
The most recent blunder in the Equifax saga happened just yesterday, on Thursday, October 12th, when Equifax’s “Other Ways to Obtain a Free or Discounted Credit Report” webpage under the credit report assistance directory gained attention from Ars Technica – a website that publishes articles about technology and other topics.
If you live in the United States there’s a good chance that you already know what Equifax is, and if don’t already know what Equifax is then you’re probably going to get a not-so-great first impression of the business from this article. Equifax is one of three companies required to provide credit reports for US citizens by the federal government. Last month, Equifax announced that they had been hacked all the way back on July 29th, 2017. While this hacking was a huge issue, I already covered this topic extensively last month in an article about the July Equifax hack, and Equifax has also had some more mishaps sense then.
The most recent blunder in the Equifax saga happened just yesterday, on Thursday, October 12th, when Equifax’s “Other Ways to Obtain a Free or Discounted Credit Report” webpage under the credit report assistance directory gained attention from Ars Technica – a website that publishes articles about technology and other topics.
Why did Equifax’s website gain attention from Ars Technica you ask? Because Equifax’s page was sending users to a malicious download link. Upon clicking the “Other Ways to Obtain a Free or Discounted Credit Report” button, users would be redirected to a fake Adobe Flash download page. If the user was unfortunate enough to click the “Adobe Flash” install button, their PC would be treated to free adware.
After the malicious download link was outed by Ars Technica, Equifax took down that specific compromised webpage. If you’re bored and have a minute to spare, and if you read this article shortly after its publication, you can follow along the video posted below showing you the steps you to get to Equifax’s offline “Other Ways to Obtain a Free or Discounted Credit Report” webpage.
If you weren’t able to watch the video and don’t want to use your imagination, here’s a picture of what the offline page looks like on my device.
The sad truth is that cyber security is largely a reactive field. While Equifax’s link redirecting to a malicious webpage can be indicative of poor cyber security practices, no one knows what their weaknesses are until they have their flaws exposed.
For example, one day I had just published an article and was checking a website I had published it on to make sure that everything was in order (It was not this website for anyone wondering). When I clicked the link to the article I had just published, instead of going to the article’s web address I was redirected to an error page. After trying to access the article multiple times without receiving a different result, I tried looking through some of my other recent articles to find that some of them were also throwing up errors. The article links were fixed, but not until after I discovered that there was a problem.
While accessing a credit report site is much more important than accessing a technology blog, at the end of the day both sites are run by people and user error is the one common denominator in everyone. I do not say this to defend Equifax’s case, rather to emphasize the importance cyber security has as a reactionary force.
But in order for cyber security to perform its job of reacting, it has to be active, which brings into question whether Equifax has any closed-loop systems on their website that can automatically detect and respond to unwanted changes. We already know that these systems did not exist for the “Other Ways to Obtain a Free or Discounted Credit Report” web page because Equifax only changed it after it was discovered and an article was released about it on Ars Technica.
If you are launching a website soon, or if you already have a site up but think you could use some assistance, ComputerServiceNow boasts a full IT team and we offer IT Consulting. Don’t get caught multiple times in a row with your pants down like Equifax. If you need IT help we offer it.
If you want to get even angrier at a business responsible for keeping track of extremely sensitive personal information, here’s another incident that happened between last month’s post and now: http://www.npr.org/sections/thetwo-way/2017/09/21/552681357/after-massive-data-breach-equifax-directed-customers-to-fake-site.
And if you want to share this story on social media, feel free to use this hashtag #Equihax