The Equifax data breach, which occurred earlier this month, has been one of the worst security incidents in years. 143 million people have had their information compromised by the data breach, many of whom have never used the Equifax service themselves. In response to the attack, Equifax set up a website to allow users to check whether or not they had been affected by the data breach. Unfortunately, their choice of domain name is so generic that even their own support team has been getting the address wrong.
Earlier this week, news started to circulate that Equifax’s official Twitter account had directed a user to a fake website by accident. Further research into the incident showed that this was not the first time users had been misdirected: at least three other incidents have occurred since September 9th.
Thankfully, the fake website is not malicious; instead it is a site set up with the intention of exposing the risks of the official Equifax website. Nick Sweeting set up the fake website shortly after Equifax started sending clients to their own “www.equifaxsecurity2017.com” domain. Sweeting expressed concern that because the domain was generic and was not hosted under the official Equifax domain, scammers would have an easy time fooling users with a fake website. Since users need to submit some of their private information in order to check whether they were affected by the original security breach, phishing websites imitating the check are particularly dangerous and easily convincing. For his own forgery, Sweeting set up securityequifax2017.com and then copied the look of the official website.
Sweeting revealed that his fake website received around 2000 hits in the days before it went viral on Twitter. He has stressed that any information entered on the website is not stored and that his intentions were not malicious; instead, he wants people, and especially Equifax, to be aware of the dangers.
“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” Sweeting said. “I can guarantee there are real malicious phishing versions already out there.”
Since the Twitter incident, Equifax has removed all Tweets containing the incorrect URL and has issued an apology. Sweeting’s fake website also appears to have been flagged by Google since it went viral and is now listed as a deceptive website. Regardless, the points made by Sweeting are a legitimate concern. Following the release of the official website, 194 domain names with similar names were registered, many of which point to actual, dangerous phishing websites. While many of them have been taken down or flagged, there are no doubt numerous copycats still in operation. For this reason, we strongly advise everyone to exercise caution before submitting personal information to any website and to only follow links from official, confirmed sources.
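The lookalike problem described above (a generic name outside the brand's own domain, and a wave of similarly named registrations) is exactly what a brand-protection or mail-filtering team screens candidate hostnames for. The following classifier is an added example written for this article, not code from Equifax, Sweeting or any named tool. It uses the two domain names the article mentions; the trust list, the category names and the two-label "registrable domain" shortcut (no public-suffix list) are assumptions made for the example.

```python
import re

# Official site named in the article; "equifax" is the brand token the checks anchor on.
OFFICIAL_HOST = "www.equifaxsecurity2017.com"
BRAND = "equifax"
# Constructed trust list for this example: the vendor apex plus the announced site.
TRUSTED_APEX = {"equifax.com", "equifaxsecurity2017.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname ('equifax.com').

    Assumption: no multi-label public suffixes such as co.uk; a production
    checker would consult the Public Suffix List instead."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def label_tokens(label: str) -> list:
    """Split a second-level label into brand / word / number pieces, so that
    'securityequifax2017' and 'equifaxsecurity2017' yield the same token set."""
    label = label.replace("-", "")
    # Capturing group keeps the brand and digit runs as tokens of their own.
    parts = re.split(rf"({BRAND}|\d+)", label)
    return [p for p in parts if p]


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> str:
    """Label a candidate hostname relative to OFFICIAL_HOST.

    Categories are this example's own: trusted, tld-swap, hyphen-variant,
    token-swap, brand-extended, typosquat, brand-in-subdomain, unrelated."""
    host = host.lower().strip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_APEX:
        return "trusted"
    if "." not in reg:
        return "unrelated"
    label, tld = reg.split(".", 1)
    off_label, off_tld = registrable_domain(OFFICIAL_HOST).split(".", 1)
    off_tokens = label_tokens(off_label)
    cand_tokens = label_tokens(label)

    if cand_tokens == off_tokens:
        # Same name under another TLD, or the same name with hyphens inserted.
        return "tld-swap" if tld != off_tld else "hyphen-variant"
    if sorted(cand_tokens) == sorted(off_tokens):
        # Same pieces in a different order: the securityequifax2017.com case.
        return "token-swap"
    if BRAND in cand_tokens and set(off_tokens) <= set(cand_tokens):
        # Official name with extra words bolted on ("...verify", "...login").
        return "brand-extended"
    if levenshtein(label.replace("-", ""), off_label) <= 2:
        return "typosquat"
    if BRAND in host:
        # Brand appears only in a subdomain of some unrelated registrable domain.
        return "brand-in-subdomain"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample candidates; only the first two come from the article.
    for h in ["www.equifaxsecurity2017.com", "securityequifax2017.com",
              "equifaxsecurity2017.net", "equifax-security2017.com",
              "equifaxsecurity2107.com", "equifaxsecurity2017verify.com",
              "equifax.com.evil.net", "example.com"]:
        print(f"{h:35} {classify(h)}")
```

The point of `classify` is that everything other than `trusted` is decided without any allowlist knowledge beyond the one official hostname, which is why a brand-owned check page hosted on its own apex (say, a path under equifax.com) would have left far less room for convincing variants than a standalone generic domain does.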