The firm recently disclosed a data breach affecting more than 143 million people, and set up a new website to share information with customers. But it mistakenly tweeted the wrong web address several times, leading some customers to a fake website. One security researcher told the BBC it was a “massive faux-pas”.
Following its data breach, Equifax set up a new website – equifaxsecurity2017.com – to let people find out more information. The website also let people register for a credit monitoring service, by entering personal details into a form. Many security researchers said Equifax should have hosted this information on its main website – equifax.com – rather than setting up a new one. They pointed out that the new web address looked like one a scammer might set up to try to fool victims. Security researcher Nick Sweeting tweeted: “Yeah… no thanks… it would take me literally 20 mins to build a clone of this site.” He then did exactly that, creating an almost identical version of the website at securityequifax2017.com.
His fake version of the website also let people fill in their personal information – but then told them they had been “bamboozled”. Staff operating the Equifax twitter feed shared the fake website with customers several times.
Source: BBC News