Equifax has been sending people to a fake phishing site for weeks
Equifax, whose recently disclosed security breach put the personal information of 143 million Americans at risk, isn’t done being technologically inept. Apparently the company has been tweeting a link to a fake phishing site for nearly two weeks.
Since announcing the breach, Equifax has been directing concerned consumers to a separate site, equifaxsecurity2017.com. Here, you can enroll in the company’s identity theft protection services. You can also get updates about how Equifax is handling this widespread security incident.
As Gizmodo points out, though, redirecting consumers to a separate website is incredibly stupid (and perhaps indicative of how Equifax got into this mess in the first place). Why? A random, new website like this is easily spoofable, as one well-meaning developer has helpfully pointed out.
Developer Nick Sweeting created his own website to illustrate this issue. He simply interchanged the words “security” and “Equifax” to create securityequifax2017.com. Sweeting is not a malicious hacker, however, so his site only points out how simple it would be for Equifax victims to be duped a second time. It doesn’t actually steal your information.
[Image: Equifax’s legitimate website]
[Image: Sweeting’s version, which took him approximately 20 minutes to create]
Sweeting did such a good job, in fact, that even Equifax employees were fooled: Equifax tweeted out the link to Sweeting’s fake phishing site eight times since Sept. 9. A number of the tweets have been screengrabbed, but Equifax has since deleted them from its Twitter feed.
As Sweeting’s fake phishing site explains, Equifax should have created a secure portal on its own domain for consumers to use.
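A check like the following, run on a draft post before it goes out, would have flagged the swapped-word link. It is an added example, not code from Sweeting or Equifax; the inclusion of equifax.com in the allowlist, the function names and the draft text are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains the organization controls. equifaxsecurity2017.com is the site named
# in the article; equifax.com is assumed here as the company's main domain.
OFFICIAL_DOMAINS = ("equifaxsecurity2017.com", "equifax.com")
BRAND_WORDS = ("security", "equifax", "2017")  # words the official names use
URL_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url):
    """Lowercased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def words(label):
    """Order-independent list of brand words and leftover fragments in a label."""
    parts = re.split("(" + "|".join(BRAND_WORDS) + ")|[-_]", label)
    return sorted(p for p in parts if p)

def classify_link(url):
    host = host_of(url)
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Naive registrable-domain guess: last two labels (ignores e.g. .co.uk).
    label = host.split(".")[-2] if "." in host else host
    if any(words(label) == words(d.split(".")[0]) for d in OFFICIAL_DOMAINS):
        return "lookalike"       # same words as an official name, reordered
    if "equifax" in host:
        return "unverified-brand"
    return "unknown"

def screen_message(text):
    """Return (link, verdict) for every link in text that is not official."""
    found = ((u, classify_link(u)) for u in URL_RE.findall(text))
    return [(u, v) for u, v in found if v != "official"]

# Constructed draft post, not a real Equifax tweet.
DRAFT = ("Enroll at https://www.equifaxsecurity2017.com/enroll "
         "or visit securityequifax2017.com for updates")

if __name__ == "__main__":
    for link, verdict in screen_message(DRAFT):
        print(f"BLOCK {link}: {verdict}")
```

The allowlist does the real work here: a link passes only if its host is an official domain or a subdomain of one, and the word comparison exists to explain why a near-miss was rejected.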
Sweeting actually did all of us a favor, and not just in revealing this issue. By registering that particular domain, he likely prevented someone else from turning it into a phishing site. His project, however, shows exactly how easy it is for any moderately talented programmer to take advantage of internet denizens. And perhaps more importantly, it shows that Equifax is continuing to make poor, careless decisions on behalf of the consumers it’s already put at risk for hacking and identity theft.
While Equifax will likely never get the punishment it deserves for this extraordinary data breach, at least Sen. Elizabeth Warren is trying to make it easier for the rest of us to freeze and unfreeze our credit for free. And if you didn’t trust Equifax before, now you’ve got even more reason not to.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.