Equifax Website Caught Redirecting Visitors to Fake Flash UpdatesNovember 7, 2017
Of late, the going has been tough for national credit rating bureau, Equifax, as well as its customers - most of us! In September of this year, the company revealed a security breach that took place in May and exposed personal information (Social Security Numbers, names and other details) of around 145.5 million Americans and 15.2 million individuals from the UK. Now the company is in the news again with a security researcher spotting an ad campaign spreading malware from the company’s website.
On Wednesday, October 11, Randy Abrams, an independent researcher, spotted malicious ads on the Equifax website designed to trick visitors into installing a fake Adobe Flash update. Mr. Abrams had visited the site with the intention of contesting recent suspicious activity on his credit report; but, when he noticed the malware, he decided to investigate further. After being redirected to the fraudulent Flash website, he downloaded the malicious payload being offered. An initial scan conducted on the file with VirusTotal showed that only three security apps – Symantec, Panda and Webroot, were able to identify it as malicious.
Referred to as Adware.Eorezo by Symantec, the malware wasn’t very dangerous – all it did was inject ads into Internet Explorer browser windows. In fact, according to Symantec, variants of this virus have been existent on the Web since 2012. However, most of Equifax’s customers remain puzzled by one question – how did malicious advertising (or “malvertising”) infiltrate the Equifax website?
If truth be told, companies like the New York Times, Yahoo and AOL have all had to deal with this sort of malware at some point or another. Usually cybercriminals who unleash these kinds of attacks first look for popular websites to target and then hunt for weaknesses in their advertising code. It is worth noting that, in most cases, the vulnerable code, as well as the entire advertising system, belongs to a third-party provider, and not to the actual website.
The same proved to be the case for Equifax. When approached for an official comment, the company declared that its systems were not compromised and that the issue had no effect on the bureau’s consumer online dispute portal. Equifax stated that the matter involved a third-party vendor that it had employed to collect website performance data, and it was really the vendor’s code running on the credit bureau’s website that served the malicious content. Once Equifax learned of the issue, it removed the vendor’s code from the webpage and took it offline to conduct further analysis.
Thus, it would perhaps not be fair to blame Equifax for this entire fiasco. Having said that, it cannot be denied that the company should take preventive measures of its own and further encourage its online partners to identify and fix any shortcomings in their security systems. Given that the information stored by the company is extremely sensitive, it should take all steps possible to protect its customers.
$50,000 - $250,000 at 0% Interest:
At Fund&Grow, we help clients with good credit obtain as much as $250,000 of unsecured credit at 0% interest. This amount is available for a period of 6, 12 or 18 months and can be used for anything from financing a small business to providing down payment on a property. Interested? Call us at (800) 996-0270 and we’ll get you started immediately!
Want Actionable Information, Tools and Resources To Quickly Acquire Business Capital, Credit and Funding?
have a question?
Our business experts are available to answer questions Monday - Friday from 9:30 a.m. - 5:30 p.m. EST
Watch our business credit webinar:
Obtain $250,000 Business Credit
Let's Stay Connected on Social Media!
For over 14 years, Fund&Grow has helped 30,000+ business owners get access to over 1.4 Billion dollars of business funding. We're on a mission to empower the small business owner by helping them tap into the smartest form of funding: Unsecured Business Credit – so that they can achieve their goals and dreams.
"Fund&Grow was created to empower small business owners, but more importantly, to support entreprenuers in achieving their business and personal goals while they lead the way towards innovation." - Ari Page CEO of Fund&Grow
Ari Page and the Fund&Grow team help business owners obtain access to credit despite the ambiguous lending climate. Many people feel ripped off and scammed by the bank bailouts and wonder why they can't use the system to their advantage the way the big banks did. If you have good credit, the Fund&Grow program will get you the funds you need to grow your business.
Find 4,000+ 4.9-star average customer testimonials on the following platforms: Facebook, SoTellUs, Trustpilot, Google, BBB, among others.
All loans are subject to lender approval based upon credit criteria. $50,000 to $250,000 in business credit is for highly qualified clients over the term of the membership with multiple credit card batches and/or credit lines. Introductory rates of 0% apply to purchases and/or balance transfers after which it reverts to an interest rate, which varies by lender as disclosed in the lending agreement. Fund&Grow is not a lender.
© 2022 Fund&Grow. All Rights Reserved.