+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Equifax mistakenly told consumers worried about its data breach to go to a spoof site

Sep 21, 2017, 01:51 IST

Options traders are betting that Equifax's stock will drop further following last week's announcement of a security breach.Reuters / Brendan McDermid

Add another "oops" to Equifax's pile.

Advertisement

For more than a week, company representatives have been directing consumers to a fake phishing site instead of to one actually maintained by the credit reporting agency, according to a new report by the Verge. The site - securityequifax2017.com - was specifically created by a software developer to show how easy it would be to spoof the webpage Equifax created to inform consumers about its recent massive security breach, according to the report.

The address of the site Equifax actually set up is equifaxsecurity2017.com.

"I made the site because Equifax made a huge mistake by using a domain that doesn't have any trust attached to it [as opposed to hosting it on equifax.com]," Nick Sweeting, who created the spoof page, told the Verge. "It makes it ridiculously easy for scammers to come in and build clones - they can buy up dozens of domains, and typo-squat to get people to type in their info."

In an emailed statement an Equifax spokesperson told Business Insider: "All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion."

Advertisement

The company did not provide an explanation for how it made such an obvious mistake, particularly at a time when its practices were already under the spotlight after Equifax suffered a massive security breach.

Earlier this month, the credit reporting company acknowledged that a hacking attack compromised the personal data of 143 million US consumers and an unknown number of foreign ones, making it one of the biggest computer security breaches in history. In response to the attack the company set up a site to allow consumers to check to see whether their own data was affected by the security breach.

But at least as early as September 9 - just two days after announcing the hacking attack - Equifax representatives on Twitter were directing consumers to Sweeting's spoof site rather than to the company's own page, according to the Verge. Sweeeny said that he had taken steps to protect the data of consumers who inadvertently ended up at his site.

You can read the full report here.

NOW WATCH: Watch Apple's Face ID unlocking fail during its big demo

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article