
Equi-fail: Equifax directs customers affected by hack to fake phishing website

Image: Twitter user Nick Sweeting
In another major misstep for Equifax, an employee of the credit services company responded to customer tweets with a link to a fake phishing website. The site, which was styled to look like the official Equifax site dedicated to the hack, was a fake used to demonstrate how easily malicious parties could further exploit Equifax's customers.

Just when you thought things couldn’t get worse for Equifax, leave it to the company responsible for one of the worst cybersecurity blunders in history to screw up yet again. The credit services company has apparently been directing customers affected by the attack to a fake phishing site via Twitter.

Earlier this month, Equifax announced they had discovered a breach in May that exposed the personal information of over 143 million American consumers. As businesses typically do after customer information is stolen, the company quickly set up a free credit monitoring service for people affected by the hack. Customers were directed to enroll in the service at www.equifaxsecurity2017.com. However, over the past few days, an Equifax employee using the company’s official Twitter account directed concerned consumers to sign up for the service through securityequifax2017.com. Readers with a sharp eye will notice that address is not the correct website. In fact, it’s a non-functional phishing site set up by a cybersecurity engineer named Nick Sweeting to show how easy it would be to dupe unwary consumers into giving out even more information.

Sweeting reportedly registered the domain on September 8 (the day that Equifax announced the breach) for USD$10. Sweeting has stated that the site (now inactive) was harmless and retained no customer information. There was no contact information on the site, and several of the links were broken or redirected to the music video of Rick Astley’s “Never Gonna Give You Up.” The site was blacklisted by most browsers but managed to gain over 200,000 hits in the short time it was up. A large part of those hits likely came from the official Equifax Twitter account.

An employee named Tim responded to multiple Equifax customers’ tweets with a link to Sweeting’s fake website as far back as September 9th. Those replies have since been deleted, but the Internet does not forget: some people were able to capture screenshots of Equifax’s replies before they could be deleted.

Sweeting said that he created the fake website in an effort to show how easy it would be for someone to take advantage of the situation. He chastised Equifax, saying that the official URL (equifaxsecurity2017.com) and website look like something a legitimate phisher would use. Sweeting’s fake site was meant to be a warning to consumers about the dangers of phishing attempts and to show how easy it is to trick people into giving out their personal information. Unfortunately for Equifax, the trick worked a bit too well.

Sam Medley, 2017-09-21 (Update: 2017-09-21)