Equifax sends breach victims to fake notification site

by Dan Goodin, from Ars Technica

The official Equifax Twitter account encouraged people to visit a knock-off website that mocks the company's security practices instead of the site the company created to warn of a massive data breach. That recent breach exposed personal details for as many as 143 million US consumers.

In a tweet on Tuesday afternoon, an Equifax representative using the name Tim wrote: "Hi! For more information about the product and enrollment, please visit: securityequifax2017.com." The message came in response to a question about free credit monitoring Equifax is offering victims. The site is a knock-off of the official Equifax breach notification site, equifaxsecurity2017.com. A security researcher created the imposter site to demonstrate how easy it is to confuse a legitimate name with a bogus one. The Equifax tweet suggests that even company representatives can be easily fooled. The tweet was deleted late Wednesday morning, more than 18 hours after it went live.

It turns out Equifax has linked to the same fake domain since at least September 9, as evidenced by tweets here, here, and here. Unlike Tuesday's tweet, the September 9 tweets remained live when this post was going live, but were taken down shortly after that.
