Equifax accidentally sent hack victims to a phishing site

A company has to have some major internal issues if it can fuck up so bad that it lets hackers leak out the personal information of 143 million people, keep quiet about it for several months, and let executives quietly dump a bunch of high-value stock before letting the public know about what happened, but Equifax is just that kind of company. The many fuck-ups of Equifax actually go a bit beyond that, including an attempt to force people to sign an agreement relinquishing their right to sue the company if they chose to use its free identity-protection service, and now it has inadvertently put its customers in danger once again thanks to another stupid mistake.

As reported by Mashable, Equifax set up a website at www.equifaxsecurity2017.com to help people figure out if the hack affected them, but on more than one occasion, the official Equifax Twitter account mistakenly directed people to www.securityequifax2017.com, a fake website that had been set up to spoof the real site. Also, this wasn’t just a one-time error, as Mashable says Equifax tweeted the incorrect link at least eight or nine times before noticing the mistake and deleting the tweets. Luckily, the fake site seems to have been designed just to expose how stupid Equifax is, rather than to steal more customer data, but this was still a very close call.

Apparently, the fake site had a header indicating it wasn’t the real thing, saying, “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Site.” Then, if someone still actually tried to enter their personal information, a message would pop up that said “you got bamboozled” and directed people to tell the Equifax Twitter account about the mistake.

 