Since when...
... Is Equifax a bank? A consumer credit information tat bazaar perhaps (especially when they sell on your information without your express consent), but NOT a bank.
Equifax typo derails digital cert
Equifax has followed HSBC in making a hash of renewing one of its digital certificates. Consumers logging onto Equifax's UK website last week were greeted with a notice that the site couldn't be verified because its certificate had expired. That's the same problem HSBC banking business customers also experienced last week when …
This topic is closed for new posts.
Equifax are now on my blacklist
Equifax are now on my blacklist..
and will have to pay 1 pound for the privilege of having me look up why in my database to tell them why.
Purely an administrative charge you understand
It's not just HSBC and Equifax,
one other high street bank has an ongoing problem with its certificates, where, when online banking you occasionally find one that is least a year out of date. When I contacted them they didn't seem interested and just suggested I connect again.
This would be the same Equifax...
that somehow managed to pass on a unique email address that I used only once to apply for my credit info to a phisher?
I use unique email addresses for each business I deal with to catch any spammers (ie: equifax@insertmydomainhere.com) and almost 2 yrs after getting my credit record from them, I received a phishing attempt mailed to, yep, equifax@insertmydomainhere.com.
It took many weeks of trying to explain this to them until I got hold of a security bloke there who understood why I was concerned (they sell identity fraud insurance after all) but after investigating couldn't explain how this had happened.
Not Trivial
Article says "such slip ups are trivial but embarrassing".
If we spend time educating users to pay attention to the padlock and warnings given off by browsers then how is labeling this as something they can safely ignore going to help. FFS.
Paris - because she is neither trivial nor embarrassing.
RE: This would be the same Equifax...
Did you entertain the possibility that the spammer might just have guessed your email address?
"Unique" E-mail addresses aren't secure
"I use unique email addresses for each business I deal with to catch any spammers (ie: equifax@insertmydomainhere.com) and almost 2 yrs after getting my credit record from them, I received a phishing attempt mailed to, yep, equifax@insertmydomainhere.com."
Not surprising - just a brute-force attack. Spammers frequently send mails to {dictionary-of-usernames}@{dictionary-of-domains}. It's cheap and easy for them to do, and lets them discover new addresses to spam.
To prevent this happening, you should add a sufficiently long strong random cookie into each username you generate, e.g.
equifax-701c9a3c@insertmydomainhere.com
Or you could use something more sophisticated like BATV, which encodes an expiry timestamp and a signature into the address.
There's no evidence of Equifax having misappropriated your data here.
This topic is closed for new posts.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- Linux on the Desktop
Lessons from mainstream business adoption - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - The BI Inflexion Point
Information is a right, not a privilege - The Evolving Security Landscape
Reg Webinar - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - The Register's Green Computing Debate
An on-demand webcast
