Equifax’s response to its data breach has been a total shitshow, something the company seems determined to remind us of each and every day.
For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website, the sole purpose of which is to expose Equifax’s reckless response to the breach.
https://twitter.com/embed/status/906630549829308417

After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handling the “cybersecurity incident.”
But the decision to create “equifaxsecurity2017” in the first place was monumentally stupid. The URL is long and it doesn’t look very official — that means it’s going to be very easy to emulate. Fake versions of the site could be used to phish Equifax customers and steal their personal information, again. A much safer choice would have been to create a subdomain on the Equifax website (equifax.com) and direct users there.
To illustrate how ridiculous Equifax’s decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words “security” and “equifax” around.) Sweeting’s website looks slightly different than the official Equifax website, as you can see below, but only because he isn’t actually trying to dupe anyone:

Sweeting’s intentions clearly aren’t malicious. If anything, he’s trying to demonstrate why Equifax needs to shut down its site, or at least move it elsewhere, so it isn’t further exposing consumers to risk.
As if to prove Sweeting’s point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting’s fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th:
Each of the tweets containing Sweeting’s URL is signed by someone at Equifax named “Tim.” The latest tweet was sent out September 19th. (Equifax deleted this tweet Wednesday morning, but at the time of writing the other seven tweets were still live.)

Props to white-hat @thesquashSH for registering that look-alike Equifax domain before some lurker switched it to a phishing portal. 👍
— SwiftOnSecurity (@SwiftOnSecurity) September 20, 2017
“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” Sweeting told Gizmodo. “I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”

The real Equifax site is dangerous, he said, because of how easy it is to impersonate. “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”
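The difference between a subdomain of equifax.com and a free-standing domain like equifaxsecurity2017.com can be checked mechanically before a link goes out in a tweet. The following is an added example, not code from Gizmodo, Equifax or Sweeting; the host `security2017.equifax.com`, the host `equifax.com.login-check.example` and the draft tweet text are constructed for illustration.

```python
import re
from itertools import permutations

# Domains the organisation has sanctioned; both are named in the article.
OFFICIAL = {"equifax.com", "equifaxsecurity2017.com"}
BRAND = "equifax"
# Word parts of the free-standing domain, used to spot reorderings of it.
TOKENS = ("equifax", "security", "2017")
REORDERED = {"".join(p) for p in permutations(TOKENS)}

# Matches a bare or schemed hostname inside free text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def is_official(host):
    """True only if host is a sanctioned domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def classify(host):
    host = host.lower().rstrip(".")
    if is_official(host):
        return "official"
    # Same words in a different order, e.g. securityequifax2017.
    if any(label in REORDERED for label in host.split(".")):
        return "lookalike: reordered words"
    # Brand name used anywhere in a host the organisation does not control.
    if BRAND in host:
        return "lookalike: brand in unsanctioned host"
    return "unrelated"


def review(text):
    """Return (host, verdict) for every hostname found in a draft message."""
    return [(h, classify(h)) for h in HOST_RE.findall(text)]


# Constructed draft reply, modelled on the situation the article describes.
DRAFT = "For more information, please visit www.securityequifax2017.com. -Tim"

if __name__ == "__main__":
    for host, verdict in review(DRAFT):
        print(f"{host}: {verdict}")
    # Hypothetical subdomain: passes on the suffix check alone.
    print("security2017.equifax.com:", classify("security2017.equifax.com"))
```

The suffix check is why a subdomain is the safer choice: anything ending in `.equifax.com` is controlled by the owner of equifax.com, while every free-standing domain needs its own allowlist entry and leaves its word-swapped neighbours open to registration.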