Someone Made a Fake Equifax Site. Then Equifax Linked to It.
- 7 years ago
Someone Made a Fake Equifax Site. Then Equifax Linked to It.
The layout was the same as the real version, complete with an identical prompt at the top: “To enroll in complimentary identity theft protection and credit file monitoring, click here.”
But a headline in large text differed: “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”
It would be just as easy for phishers to create their own versions of the Equifax page, and
that would be bad news for anyone entering the information required to enroll in identity theft protection: their surname and the last six digits of their Social Security number.
“Their site is dangerously easy to impersonate,” Mr. Sweeting said in an email, noting
that he had created the site solely to draw attention to the weakness of Equifax’s security.
I can guarantee there are real malicious phishing versions already out there.”
“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” he added.
“I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
In a short statement on Wednesday, Equifax said all posts containing the wrong link had been deleted.
People create fake versions of big companies’ websites all the time, usually for phishing purposes.
The layout was the same as the real version, complete with an identical prompt at the top: “To enroll in complimentary identity theft protection and credit file monitoring, click here.”
But a headline in large text differed: “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”
It would be just as easy for phishers to create their own versions of the Equifax page, and
that would be bad news for anyone entering the information required to enroll in identity theft protection: their surname and the last six digits of their Social Security number.
“Their site is dangerously easy to impersonate,” Mr. Sweeting said in an email, noting
that he had created the site solely to draw attention to the weakness of Equifax’s security.
I can guarantee there are real malicious phishing versions already out there.”
“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” he added.
“I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
In a short statement on Wednesday, Equifax said all posts containing the wrong link had been deleted.
People create fake versions of big companies’ websites all the time, usually for phishing purposes.