Sloppy Equifax

I wrote this letter to Equifax today:

 

I got an email from TrustedID Customer Service <no-reply@trustedid.com> today. In it there was a sure sign of a phishing attack, only it wasn’t.

It reads like so:
Subject: New Credit Monitoring Alert
We’ve noticed a change on your credit report, and we encourage you to log in to your account to view details at www.trustedid.com.
Notice that the text reads “www.trustedid.com” but the link behind it reads “http://click.e.equifax.com/?qs=b15633469f1…”
Don’t do that shit. There is arguably only one key bit of protected information on the internet, domain names. Customers should only ever click on matched text and links. If you get customers used to clicking mismatched text and links, you get them used to being scammed.
Please write back and tell me you’ll fix this type of error in your emails.
Thank you,

Lee Sonko

6 Comments

  1. Peter says:

    Don’t forget about unicode urls: h t t p s : / / http://www.xudongz.com/blog/2017/idn-phishing/

  2. lee says:

    Oh joy.

  3. lee says:

    TrustedID’s useless response:

    Dear Lee Sonko,

    We appreciate the opportunity to address this matter.

    The following answer may address your concern:

    TrustedID Premier is a subsidiary product offered by Equifax, which includes credit file monitoring and identity theft protection, complimentary for one year. In order to request a copy of your credit report, please call 1-866-349-5191 Working Hours: 8:00 A.M. – 8:00 P.M. EST (Monday – Friday) or you can also visit the website: http://www.equifax.com/CreditReportAssistance

    For more information on credit monitoring services & alerts, please visit the following link: http://www.trustedid.com/cm_faq.php

    To speak with a representative, please call 1-888-548-7878 Working Hours: 8:00 A.M. – 9:00 P.M. EST 7 days a week.

    Thank you for contacting Equifax,

    Monis
    Equifax Customer Care Team

    ref:_00D37JpPm._50037JOzRX:ref

  4. lee says:

    And my followup:

    Hi, I’m sorry but you didn’t address my concern.

    Since the purpose of TrustedID is to protect customer security, it is my hope that your organization would use online etiquette that would promote such security. Could you please bring my issue to someone in your organization that deals with such issues?

    Additionally, the survey link that you sent me did not work. I filled out the “Case Closed Survey” form but when I submitted it, I got a response saying “Error: The time to submit this survey has expired.” Please send another, non-expired link. Thank you.

    Thank you,
    Lee Sonko

    I suspect the broken survey link is an attempt to keep my dissatisfaction under wraps. That won’t happen.

  5. lee says:

    The only response I got back from Equifax/TrustedID is an email saying “We are pleased to inform you that your case is now closed.”

    That is not cool.

    I tried to write to them on the NEW feedback form but when I tried to submit it, again I got a message saying “Error:
    The time to submit this survey has expired.”

    Here’s what I tried to write on the feedback form:

    Here’s what happened: I wrote to Equifax with an issue. Equifax wrote back with a canned, useless answer, additionally, the Feedback Survey link did not work. I wrote back asking for more help and a valid Feedback survey link. The ONLY response I got was a message saying ” We are pleased to inform you that your case is now closed.” And here I am telling you about it.

    Here is the original case number that I filed: #180227-936461.
    The current case number is #180227-936461.

    You can follow the conversation chain on my blog here: https://www.lee.org/blog/2018/02/27/sloppy-equifax/

    Next, I’ll open a new case and try again, maybe taking a different tact this time.

  6. lee says:

    Here is my latest email back to Equifax Customer support (customer.care@equifax.com)

    Please reopen this case. It has not been resolved.

    This is the second time my case has been “closed” by customer support without any resolution. This time, I received absolutely no response except for a “you case is now closed” message. And just as before, the link to the customer feedback survey is broken.

    I would appreciate a reasoned response to my initial request. If there are any questions, you can follow this discussion on my blog here: https://www.lee.org/blog/2018/02/27/sloppy-equifax

Leave a Comment

Do not write "http://" in your comment, it will be blocked. It may take a few days for me to manually approve your first comment.

You can edit your comment after submitting it.