ATLANTA–The fact-checking at Equifax when it comes to the Internet is apparently not improving. On Twitter, the company directed consumers to a fake site that imitated its equifaxsecurity2017.com site, not once, but three times.
Equifax linked to a site created by software engineer Nick Sweeting, securityequifax2017.com, which was fake. While the Chrome, Firefox and Safari browsers have now blacklisted the site created by Sweeting, he said it had seen 200,000 hits.
“Fortunately for the people who clicked, Mr. Sweeting’s website was upfront about what it was,” the New York Times reported. “The layout was the same as the real version, complete with an identical prompt at the top: ‘To enroll in complimentary identity theft protection and credit file monitoring, click here.’ But a headline in large text differed: “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use a Domain That’s So Easily Impersonated by Phishing Sites?”
The Times noted it would have been just as easy for phishers to create their own fake versions of the Equifax site and to collect data from unsuspecting users.
Sweeting told the Times that the Equifax “site is dangerously easy to impersonate,” and that he had created his site solely to draw attention to the weakness of Equifax’s security. “It only took me 20 minutes to build my clone,” Sweeting was quoted as saying. “I can guarantee there are real malicious phishing versions already out there. It’s in everyone’s interest to get Equifax to change this site to a reputable domain. I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
Equifax has since said all Twitter posts containing the wrong link had been deleted.