Following its data breach, the credit rating company set up a new website, equifaxsecurity2017.com, to let people find out more information about the security incident the company has suffered and how to find out whether their personal information has been exposed. The website also allowed people register for a credit monitoring service, by entering personal details into a form.
But because the new web address looked like one a scammer might set up to try to fool victims, many security researchers said Equifax should have hosted this information on its main website, equifax.com, rather than setting up a new one.
To prove this, a security researcher has built a clone of the website at securityequifax2017.com and staff operating the Equifax twitter feed shared the fake website with customers several times. The incorrect tweets have since been deleted and Equifax apologised for the confusion.
Consumers should be aware of fake websites purporting to be operated by Equifax. Our dedicated website for consumers to learn more about the incident and sign up for free credit monitoring is equifaxsecurity2017.com and our US company homepage is equifax.com.
“They are lucky the person behind it was a well-intentioned security researcher, it could easily have been somebody harvesting credentials” another security researcher said for BBC. Criminals often use a widely-publicised data breach to try and fool victims into handing over more of their personal data.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now