I wrote this letter to Equifax today:
I got an email from TrustedID Customer Service <email@example.com> today. In it there was a sure sign of a phishing attack, only it wasn’t.It reads like so:Subject: New Credit Monitoring Alert…We’ve noticed a change on your credit report, and we encourage you to log in to your account to view details at www.trustedid.com.Notice that the text reads “www.trustedid.com” but the link behind it reads “http://click.e.equifax.com/?qs=b15633469f1…”Don’t do that shit. There is arguably only one key bit of protected information on the internet, domain names. Customers should only ever click on matched text and links. If you get customers used to clicking mismatched text and links, you get them used to being scammed.Please write back and tell me you’ll fix this type of error in your emails.Thank you,
Don’t forget about unicode urls: h t t p s : / / http://www.xudongz.com/blog/2017/idn-phishing/
TrustedID’s useless response:
And my followup:
I suspect the broken survey link is an attempt to keep my dissatisfaction under wraps. That won’t happen.
The only response I got back from Equifax/TrustedID is an email saying “We are pleased to inform you that your case is now closed.”
That is not cool.
I tried to write to them on the NEW feedback form but when I tried to submit it, again I got a message saying “Error:
The time to submit this survey has expired.”
Here’s what I tried to write on the feedback form:
Next, I’ll open a new case and try again, maybe taking a different tact this time.
Here is my latest email back to Equifax Customer support (firstname.lastname@example.org)