Ad Home

The Customers of Equifax have been redirecting to fake phishing site


The Customers of Equifax have been redirecting to fake phishing site


Equifax closed up building that exact situation on Twitter. In a tweet to a potential victim, the securities bureau linked to securityequifax2017.com, rather of equifaxsecurity2017.com. It was an easy error to make, but the end sent the user to a place with no connection to Equifax itself. Equifax removed the tweet shortly after this report was published, but it remained alive for nearly 24 hours.





Luckily, the alternative URL Equifax sent the victim to isn’t wicked. Full-stack developer Nick Sweeting set up the misspelled phishing site in the system to expose vulnerabilities that lived in Equifax’s response page. “I made the site because Equifax made a huge error by using a domain that doesn’t hold any trust attached to it as objected to hosting it on equifax.com,” Sweeting tells News. 



“It makes it extremely easy for scammers to grow in and build clones they can buy up dozens of domains, and typo-squat to get somebody to type in their info.” Sweeting says no data will leave this page and that he “eliminated any risk of leaking data via network applications by redirecting them back to the user’s own computer,” so probably data entered on this site is relatively safe. Still, Equifax’s team linked out to this page. That isn’t encouraging.



Prior to Equifax consumer service sharing the imposter site, Sweeting says he emailed the support team and tweeted to Equifax that he found a potential vulnerability

Equifax’s entire answer to the breach has been a mess. The organization website set off alarms for lawyers who suffered it might waive victims’ right to sue the corporation, and the response phone line agents actually had no data and just directed concerned customers back to the website.





Google