By now, I am sure you are aware that Equifax has caused the private information of almost half of the people in the United States to enter the public domain. It is supposedly in the hands of hackers, who may be selling this information as we speak.
I went in and attempted to signup. I am not able to complete the process as yet. Every time I tried, the site crashed, or I do not receive the verification email. Well, things changed tonight. I just received an email, supposedly form Equifax with the subject, “An update from Equifax.” The email states:
Dear Last name Last Name,
It is time to take the final steps in enrolling in your free product, TrustedID Premier, by verifying your identity. To do this, you’ll need to answer some questions about yourself. Successfully completing this step will conclude your enrollment process and activate your product.
To verify your identity and activate your product, please click the link below:
This link will remain active throughout the enrollment period, which expires on Monday, November 20, 2017.
If you did not request this email or if you have any questions, please contact us
Your Equifax Customer Care Team
I saw this email and it immediately aroused my suspicion. First, they addressed me by my last name twice. A second thing that aroused my suspicion was that it came from TrustedID. They included a link to the TrustedID site. That site is supposedly at https://trustedidpremier.com. They also claim that TrustedID is an Equifax product.
I seriously could not believe this. I am thinking that this makes it very easy to phish users and totally take over their identities. Equifax should keep users at their main site. This is too sensitive of an issue to be having users go all over the place. At least give users the ability to come to your main site and explain what is going on there and then redirect them.
If this is not a phish, Equifax gets a failing grade from me so far. I will not be clicking on that link until they can convince me it is not a phishing attempt.
This one year credit monitoring will not suffice. Why would the hackers not wait out the year? They should be forced to pay for lifetime credit monitoring and alerts to compromised users. Now I know why my credit card was used in England to purchase a $700 cellphone. Thank goodness for American Express, they know I did not venture to that side of the pond to buy cellphones with British currency.