Someone made a fake Equifax website to share information about the company’s lack of cybersecurity.
And Equifax actually linked to the fake website, according to The New York Times.
Nick Sweeting, a software engineer, built a website called EquifaxSecurity2017.com that looked a lot like Equifax’s normal website.
And Equifax shared several tweets that directed users to that website. Upon realizing it was a fake, the company’s Twitter account deleted those tweets, The New York Times reported.
Sweeting’s website was then blacklisted by all major browsers and — despite its 200,000 hits — it was taken down.
Sweeting was rather blunt about his website’s purpose. He mimicked Equifax’s layout and design to show consumers just how easy it is to hack the credit monitoring report’s website.
“Their site is dangerously easy to impersonate,” Sweeting told The New York Times. “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”
https://twitter.com/thesquashSH/status/910512164938665984
He added, “It’s in everyone’s interest to get Equifax to change this site to a reputable domain. I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
As The Verge reported, Sweeting’s website “isn’t malicious.” He told The Verge that Equifax made a mistake by sending people to his website, one he hopes they’ll learn from in the future.
“It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info,” he told The Verge.
Equifax previously faced criticism for the way it handled its controversy earlier this summer when more than 143 million people’s information was hijacked, as the Associated Press reported.
To find out if they were hacked, users had to sign into Equifax and enter their Social Security number, as well as other information, which worried users.
With this latest hiccup, Equifax’s response team needs to be fixed, according to The Verge.
“Although the misspelled link likely wasn't intentional on Equifax's part, it demonstrates just how easy it is for attackers to trick consumers — even the company's own support team was fooled. It also shows a lack of a consistent response strategy,” The Verge explained. “I don't necessarily blame the support team, as they're likely freelancers hired for this breach, but Equifax needs to get its response strategy together.”