Equifax, whose recently disclosed security breach put the personal information of 143 million Americans at risk, isn’t done being technologically inept. Apparently the company has been tweeting a link to a fake phishing site for nearly two weeks.
Since announcing the breach, Equifax has been directing concerned consumers to a separate site, equifaxsecurity2017.com. Here, you can enroll in the company’s identity theft protection services. You can also get updates about how Equifax is handing this widespread security incident.
As Gizmodo points out though, redirecting consumers to a separate website is incredibly stupid (and perhaps indicative of how Equifax got into this mess in the first place). Why? A random, new website like this is easily spoof-able, as one well-meaning developer has helpfully pointed out.
Developer Nick Sweeting created his own website to illustrate this issue. He simply interchanged the words “security” and “Equifax” to create securityequifax2017.com. Not being a malicious hacker, however, Sweeting’s site only points out how simple it would be for Equifax victims to be duped a second time. It doesn’t actually steal your information.
Below, Equifax’s legitimate website:
And Sweeting’s version, which took him approximately 20 minutes to create:
Sweeting did such a good job, in fact, that even Equifax employees were fooled: Equifax tweeted out the link to Sweeting’s fake phishing site eight times since Sept. 9. A number of the tweets have been screengrabbed, but Equifax has since deleted them from its Twitter feed.
As Sweeting’s fake phishing site explains, Equifax should have created a secure portal on its own domain for consumers to use.
Sweeting actually did all of us a favor, and not just in revealing this issue. By registering that particular domain, he likely prevented someone else from turning it into a phishing site. His project, however, shows exactly how easy it is for any moderately talented programmer to take advantage of internet denizens. And perhaps more importantly, it shows that Equifax is continuing to make poor, careless decisions on behalf of the consumers it’s already put at risk for hacking and identity theft.
While Equifax will likely never get the punishment it deserves for this extraordinary data breach, at least Sen. Elizabeth Warren is trying to make it easier for the rest of us to freeze and unfreeze our credit for free. And if you didn’t trust Equifax before, now you’ve got even more reason not to.
H/T Gizmodo