Tech

Equifax Fell For A Clone Of Its Website — And Then Sent Users To It

For nearly two weeks, Equifax reps directed security breach victims to a fake website with a URL similar to the real one's.

Equifax Fell For A Clone Of Its Website — And Then Sent Users To It
Firefox
SMS

To help people sign up for its credit monitoring service, Equifax directed some Twitter users to "securityequifax2017.com."

The issue with that? It's not the right website.

Equifax's actual website is "equifaxsecurity2017.com," but the company tweeted out the link to a fake site with a similar URL for nearly two weeks.

Following reports that the links were fake, Equifax deleted the misleading tweets

The fake website — which is now blocked by Chrome and Firefox — wasn't created to be malicious. It was actually developed to draw attention to the possibility of real phishing schemes, and it worked so well even Equifax fell for it. 

Equifax Was Warned To Fix System Flaws Months Ago

Equifax Was Warned To Fix System Flaws Months Ago

The Apache Software Foundation says it told Equifax it had vulnerabilities in March.

LEARN MORE

Nick Sweeting, the reported developer behind the misleading site, told Gizmodo he only needed $10 and 20 minutes to build his clone. He also said: "I can guarantee there are real malicious phishing versions already out there."

Phishing works when hackers clone trusted websites with reworded — or even misspelled — URLs to deceive users into entering personal information. Because "equifaxsecurity2017" is so long and unofficial-sounding, users may not recognize what's real and what's fake.