Oops They Did It Again! Equifax Directs Customers to Fake Phishing Site

Someone taught them a lesson

Equifax Inc. is seen, Saturday, July 21, 2012, in Atlanta. Equifax Inc. is a consumer credit reporting agency in the United States, considered one of the three largest American credit agencies along with Experian and TransUnion. Founded in 1899, Equifax is the oldest of the three agencies and gathers and maintains information on millions of credit holders worldwide. Equifax is listed on the NYSE and is based in Atlanta. (AP Photo/Mike Stewart)

It’s hacking season, ladies and gentlemen and Equifax is another victim of this breach. Earlier this month, hackers broke into Equifax’s servers and stole millions of customers’ personal information. Ever the superhero, Equifax attempted to remedy the hack by setting up a website designed to verify an affected customer. Sounds like a fool-proof plan, right? Wrong!

Equifax created a site but unfortunately, the credit bureau tweeted the wrong URL, using securityequifax2017.com instead of equifaxsecurity2017.com. This discrepancy further proves the necessity to have more security online, being that the breach-recovery site is not directly a part of Equifax. That’s a fuck up times two! Luckily for Equifax, the phishing site wasn’t working for the dark side.

Nick Sweeting, the developer of the fake phishing site, created it to expose the flaws on Equifax’s response page. Sweeting states that “I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it” and continues that “It makes it ridiculously easy for scammers to come in and build clones”.

This latest outcome proves that Equifax and, all websites in general, have some major work to do regarding customer privacy. Get your shit together Equifax.

[Via The Verge]

You might also like