Notebookcheck

Equi-fail: Equifax directs customers affected by hack to fake phishing website

Image: Twitter user Nick Sweeting
Image: Twitter user Nick Sweeting
In another major misstep for Equifax, an employee of the credit services company responded to customer tweets with a link to a fake phishing website. The site, which was styled to look like the official Equifax site dedicated to the hack, was a fake used to demonstrate how easily malicious parties could further exploit Equifax's customers.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team!

Currently wanted: 
German-English-Translator - Details here

Just when you thought things couldn’t get worse for Equifax, leave it to the company responsible for one of the worst cybersecurity blunders in history to screw up yet again. The credit services company has apparently been directing customers affected by the attack to a fake phishing site via Twitter.

Earlier this month, Equifax announced they had discovered a breach in May that exposed the personal information of over 143 million American consumers. As businesses typically do after customer information is stolen, the company quickly set up a free credit monitoring service for people affected by the hack. Customers were directed to sign up for the service at www.equifaxsecurity2017.com to enroll. However, over the past few days, an Equifax employee directed concerned consumers Twitter to sign up for the service through securityequifax2017.com via the company’s official Twitter account. Readers with a sharp eye will notice that address is not the correct website. In fact, it’s a non-functional phishing site set up by a cybersecurity engineer named Nick Sweeting to show how easy it would be to dupe unwary consumers into giving out even more information.

Sweeting reportedly registered the domain on September 8 (the day that Equifax announced the breach) for USD$10. Sweeting has stated that the site (now inactive) was harmless and retained no customer information. There was no contact information on the site, and several of the links were broken or redirected to the music video of Rick Astley’s “Never Gonna Give You Up.” The site was blacklisted by most browsers but managed to gain over 200,000 hits in the short time it was up. A large part of those hits likely came from the official Equifax Twitter account.

An employee named Tim responded to multiple Equifax customer’s tweets with a link to Sweeting’s fake website as far back as September 9th. Those replies have since been deleted, but the Internet does not forget: some people were able to capture screenshots of Equifax’s replies before they could be deleted.

Sweeting said that he created the fake website in an effort to show how easy it would be for someone to take advantage of the situation. He chastised Equifax, saying that the official URL (equifaxsecurity2017.com) and website look like something a legitimate phisher would use. Sweeting’s fake site was meant to be a warning to consumers about the dangers of phishing attempts and to show how easy it is to trick people into giving out their personal information. Unfortunately for Equifax, the trick worked a bit too well.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 09 > Equi-fail: Equifax directs customers affected by hack to fake phishing website
Sam Medley, 2017-09-21 (Update: 2017-09-21)
Sam Medley
Sam Medley - Review Editor - @samuel_medley
I've been a "tech-head" my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a Systems Analyst for my local school district. I started working with Notebookcheck in October of 2016 and have enjoyed writing news articles and notebook reviews. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not hunched over an electronic device or writing code for a new database, I'm either outside with my family, playing a decade-old video game, or sitting behind a drum set.