I just clicked on an api.equifax.com link in a text message

15 points by barnabees 3 years ago | 10 comments

I was filling out a rental application on on-site.com and a modal popped up telling me I had been texted a link and had 5 minutes to resend the link. I got a text from 32858 and it was of the form https://api.equifax.com/business/secure-mfa/v2/authentications/verification-tokens/<long hexstring>/verify. I clicked on it and it took me to a page that just had the text, "Authentication completed. Return to your application," or something like that. I don't remember what the domain was.

I couldn't find anything online about this, so I'm wondering, is this legit? Or is this somehow an elaborate ploy to steal my identity? What's also weird is that the website didn't change after I clicked on the link, but at some point I saw a back button on the page which closed the modal, and now I'm wondering if that button was there the whole time. Also, if I tap on the link again, I get redirected to secureauth.io/expired, but I can find no information about that domain online. My co-applicant never had the modal pop up and never got a text.

anomaloustho 3 years ago |

On-Site.com is a legitimate company (used to work there). They use a lot of integrations and third party services for credit/background checks. AFAIK, they were even using a vendor that would try to get court documents if records couldn’t be found for an individual.

It was subsequently acquired by Realpage. (also a legitimate company) Surprised to hear anything is still running at the On-Site domain name, but checking the WHOIS shows that the domain is pointing at RealPage servers, so it seemingly hasn’t been squatted on.

If it was legitimately the On-Site.com domain I think you’re fine. More likely just a kludgy bug.

If you have a link to the form, I can pass it along to the On-Site folks to verify.

barnabees 3 years ago | |

I don't have a link to the form, but it would be good to verify that this is legit (if that's something you would be able to do). It's an unusual workflow imo so I just wanted to double check

ftyhbhyjnjk 3 years ago |

Delete your account immediately. Also, drop a message to support with this details before you delete it. Remove any/all saved credit/bank accounts details on site, if any.

The link is legitimate, but can't say the source from which it was generated. These kind of links can be generated by 3rd parties too.

MerelyMortal 3 years ago |

Sounds like they were doing a background/credit check which is pretty standard for apartment(?) rental agrements.

The only question I have is: did they ask you for permission or notify that they were going to do so?

barnabees 3 years ago | |

There was the modal so they did notify me

joneholland 3 years ago |

This just seems like a kinda shitty implementation of sms 2FA.

Equifax is the third largest credit agency, and I’m sure the rental site partners with them.

Nothing to worry about.

willcipriano 3 years ago |

> elaborate ploy to steal my identity

Unless you think the idea is that are going to clone you, pod people style. Nobody can steal your identity, what they seek to do is defraud a bank or credit institution, you aren't really involved besides them incidentally using your name to do so. I wouldn't worry about it unless you get a bill or have something wrong on your credit report.

__ryan__ 3 years ago | |

https://en.m.wikipedia.org/wiki/Identity_theft

willcipriano 3 years ago | | |

https://m.youtube.com/watch?v=CS9ptA3Ya9E

stop50 3 years ago |

I think they tried to steal youre identity.