Equifax Inadvertently Sent Consumers to A Phishing Site
After a security breach exposed the personal information of 143 million Americans and approximately 500,000 Canadians and Brits, Equifax set-up an informational website for consumers: www.equifaxsecurity2017.com.
Unfortunately, since September 9, a mere two days after announcement of the breach, a user named Tim began tweeting from Equifax’s official Twitter account and directing users to a spoof website: www.securityequifax2017.com.
Fortunately, the spoof website is not a real phishing attempt. The creator, Nick Sweeting, said he developed the website to criticize Equifax for creating “an easily impersonated domain” for their website. Real phishing scams use slight misspellings of real websites in an attempt to trick people into entering their personal information.
Sweeting told The Verge, who first reported on the erroneous tweets, that he wanted to draw attention to how recklessly he felt Equifax was handling people’s personal information. He said the company erred when posting a security site on a separate domain instead of using equifax.com, as it “makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”
An Equifax representative told Slate the erroneous tweets had been deleted. “All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion.”
The company did not explain how the mistake was made.
Since the incident was first announced earlier this month, Equifax has been criticized for how they have handled the breach. They are facing a number of lawsuits and a possible federal investigation.