Skip to main content

Security Alert: Equifax Serving up Malware




Brandon Hall
Director of Technology

We just found out that big-three consumer credit bureau Equifax says it has removed third-party code (Malware) from its credit report assistance Web site that prompted visitors to download malicious software disguised as an update for Adobe's Flash Player software.

The actual site was http://www.equifax.com/CreditReportAssistance/?/CreditReportAssistance which has since been sanitized. Anyone that has gone to the site mentioned and has seen the fake popup to install flash player from this site and then clicked install OR quit instead of closing the window with the X should have their machine sanitized by a professional.

More information and a photo of the screen you would have seen on the KrebsOnSecurity website here: https://krebsonsecurity.com/2017/10/equifax-credit-assistance-site-served-spyware/ 

In addition to the personally identifiable information that Equifax leaked, they also appear to have lost historical information on your salaries as in what you’ve made in the past years. This kind of information can allow malicious people to more accurately select the higher wage earners for additional attacks and even to cherry pick higher income people to attempt tax return fraud, which is where they file your taxes with the feds or state before you do and get your returned money. Thanks to the main original breach, they should have everything they need in order to file them.

More info on tax fraud here:
https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft

BRANDON HALL | DIRECTOR OF TECHNOLOGY   636.695.2820   BHALL@FIRSTHEARTLAND.COM
 

Share this
Drupal 6 Appliance - Powered by TurnKey Linux