On September 30, the IRS awarded a $7.25 million, no-bid contract to Equifax. Under the contract, Equifax was to help the IRS to verify taxpayers’ identities.
When word of the award got out, both Democratic and Republican Congressional Representatives heaped scorn upon the IRS.
The IRS has now temporarily suspended the contract. The reason for the suspension was the discovery of malware on a Help page at the Equifax web site.
The malware apparently tried to trick visitors to the Help page to download an update to Adobe’s Flash Player. This is an all-too-common method that hackers use to try to get people to voluntarily download and install malicious software.
Above is a screen shot of a typical attempt. The web browser displays a pop-up that asks the computer’s user to install an update to Flash Player. The web browser itself has been redirected to a web site that attempts to fool people that it is legitimate. The address of the bogus web page is adobeupdate2014.com. Adobe Flash’s real address is get.adobe.com/…
Bogus updates to Flash Player have been popular means of trying to trick users because many web sites have used Flash to provide so-called “rich content” … videos, animations, etc.
Flash itself has, for years, been plagued with vulnerabilities, and Adobe itself is throwing in the towel… in 2020.
Apart from the merits of this no-bid contract, each and every computer user should take care not to be tricked into falling for such traps. If one gets a message, either by a pop-up or an email message or whatever, saying that one should update a particular piece of software, or the operating system itself, or one’s email or bank password or contact information, one should not blindly click on any offered links. Rather, one should always go directly to the web site of the software provider or the financial institution, and download any updates or make any needed changes in that way. It is by failing to follow this standard operating procedure that John Podesta was tricked into handing over the keys to his email kingdom to bad guys. We all know how that turned out.