Equifax Links to a Fake Version of Their Own Site


I’m surprised they remember how to breathe.

Fake websites aren’t a new thing. But one made to highlight how negligent a company is being is an odd wrinkle, to say the least. Especially since, in this case, that company is Equifax.

Software engineer Nick Sweeting created a fake version of Equifax’s site, merely swapping two words in the URL: securityequifax2017.com. In his benevolence, he used the page as a self-demonstrating article, showing off how easy it was to spoof the page and explaining how such a thing could be used for phishing. Sadly, he took the page offline after he made his point, but I think people got the message loud and clear:

Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?

Equifax should have hosted this on equifax.com with a reputable [EV] SSL Certificate

Instead, they chose an easily impersonated domain and used a jelly-bean SSL cert that any script kiddie can impersonate in 20 min.

Their response to this incident leaves millions vulnerable to phishing attacks on copycat sites.

This is why you don’t put your security incident website on a domain that looks like a scam (with an Amazon SSL cert).

But it gets better. Equifax shared the site several times on their Twitter account, not realizing it wasn’t theirs!

Equifax just keeps screwing the pooch. So remind me: why did anyone trust these assholes to begin with?
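A pre-publication link check for the mistake described above, as an added example that is not from the original post or from Sweeting's page. It marks a link as official only when its domain is on an allowlist and flags domains built from the same words in a different order. The allowlist, the word vocabulary and the last-two-labels shortcut for finding the registrable domain are assumptions; equifaxsecurity2017.com is the incident domain implied by the two-word swap.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: equifax.com is named on the page; equifaxsecurity2017.com
# is the incident domain implied by the two-word swap the page describes.
OFFICIAL = {"equifax.com", "equifaxsecurity2017.com"}
# Assumed brand vocabulary used to split run-together labels into words.
VOCAB = ("equifax", "security")
WORD = "|".join(VOCAB)
TOKEN_RE = re.compile(rf"{WORD}|\d+|[a-z]+?(?={WORD}|\d|-|$)")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def tokens(label):
    """Split a domain label into brand words, digit runs and leftover letters."""
    return TOKEN_RE.findall(label.lower())

def registrable(url):
    """Last two host labels; assumes a single-label TLD such as .com."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(url):
    """Return 'official', 'lookalike' (same words, other order or TLD) or 'unknown'."""
    domain = registrable(url)
    if domain in OFFICIAL:
        return "official"
    bag = sorted(tokens(domain.split(".")[0]))
    for good in OFFICIAL:
        if bag and bag == sorted(tokens(good.split(".")[0])):
            return "lookalike"
    return "unknown"

def blocked_links(draft):
    """List (url, verdict) for every link in a draft post that is not official."""
    verdicts = [(u, classify(u)) for u in URL_RE.findall(draft)]
    return [(u, v) for u, v in verdicts if v != "official"]

# Constructed sample draft, not an actual Equifax post.
DRAFT = ("To enroll, visit https://www.securityequifax2017.com/ "
         "or read more at https://www.equifax.com/help")

if __name__ == "__main__":
    for url, verdict in blocked_links(DRAFT):
        print(f"BLOCK {verdict}: {url}")
```

Only links classified as official should go out; both lookalike and unknown verdicts hold the post for a human to review.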


About Author

B. Simmons
