After failing to patch a known vulnerability that resulted in the exposure of the personal data of over 143 million Americans, Equifax is doing its best to continue putting people at risk. The company is apparently sending victims of its data breach to a phishing website that was set up to troll the company itself. The official Twitter account of the credit reporting firm has tweeted the link to this spoof website multiple times.
The website that the company was planning to send the data breach victims to was equifaxsecurity2017.com, as we have previously reported. However, the official Twitter account continued to send people to a knock-off website (securityequifax2017.com) that was actually put up to mock the security practices of Equifax, a company that prior to the breach advertised itself for securing credit data of millions of people.
Equifax sends breach victims to a phishing site
After every major data breach, criminals create clone websites to mine for user data. That, however, doesn't seem to be the case here. The tweeted spoof website was created by a security researcher to show how easy it was to confuse Equifax's poorly named website with a bogus site. It appears even the executives at the company fell for it.
"Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That's So Easily Impersonated By Phishing Sites," the fake site reads. "Equifax should have hosted this on equifax.com with a reputable [EV] SSL Certificate," the site continues to lambast the company.
"Instead they chose an easily impersonated domain and used a jelly-bean SSL cert that any script kiddie can impersonate in 20min."
The official tweets were deleted after over 18 hours of going live!
Correction, they tweeted it over 8 times! (Some of them have been deleted)
— Nick Sweeting ???? (@thesquashSH) September 20, 2017
Why confuse people even more in all this mess?
Similar to how the original response site works, this spook also asks visitors to enter their last name and last six digits of their social security number. Once the user hits on "continue," they receive the following warning:
"you just got bamboozled. this isnt a secure site [sic]! Tweet to @equifax to get them to change it to equifax.com before thousands of people loose [sic] their info to phishing sites!"
The spoof site appears to have been created by Nick Sweeting, who claims he is not storing any of the entered data, but that could be easily done if not by him then by another similar site. Sweeting said that the only reason he has put up the website is to make Equifax move their response site to Equifax.com instead of an easily impersonated domain.
To be extra clear, no form data is accepted on the site (the form points to localhost), it's not malicious in any way.
— Nick Sweeting ???? (@thesquashSH) September 20, 2017
His website does carry a header that talks about Equifax security practices, which shows how easily people will fall for a spoof site based on similar design, even if the content is different.
Moving the notification site to equifax.com will make it easier for people to trust the site as it is the official domain. The use of equifaxsecurity2017.com only confuses people and makes them vulnerable to look-alike domains that possibly are phishing for data.
"All posts using the wrong link have been taken down," an Equifax spokesperson said in an emailed statement. "To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion." It isn't immediately clear if the company is planning to move the notification site to its own domain any time soon.
