Way to go Equifax

Earlier this month I wrote about how we can’t trust Equifax with our personal data. I’m not sure we can trust them with a cotton ball. Today, we discover Equifax has been sending consumers worried about their personal information leaking to the wrong site.

[O]n multiple occasions over the span of weeks, the company’s official Twitter account responded to customer inquiries by apparently directing them to a fake phishing site called www.securityequifax2017.com.
Luckily, the fake site — blocked or flagged by many Internet browsers, then taken down Wednesday afternoon — was set up by software engineer Nick Sweeting to educate people rather than steal their information. A banner on the top read: “Cybersecurity Incident & Important Consumer Information Which Is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?” NPR

Microsoft changes
A DMARC warning

Related Posts

About those degrees…

There is a meme going around related to the Equifax hack that points out an executive in charge of security doesn’t have a degree related to security.
Surprise! A lot of the folks who currently keep us safe on the internet don’t have degrees in security. They just didn’t exist when we were in school. I think Paul summed it up best:

Read More

Mailbox tools are a security risk

On Sunday the NYTimes published an article about Uber’s CEO. One of the pieces of information that came out of that article is services like unroll.me sell information they scrape out of emails sent to their users.

Read More

People are the weakest link

All of the technical security in the world won’t fix the biggest security problem: people. Let’s face it, we are the weakest link. Adding more security doesn’t work, it only causes people to figure out ways to get around the security.

Read More