When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set up a website for worried customers to check if they had been affected – equifaxsecurity2017.com – rather than setting it up on the equifax.com domain.
As a bit of fun, security researcher Nick Sweeting set up securityequifax2017.com with a familiar look and feel, just like phishers do every day. To make that point, the headline on the website was “Cybersecurity Incident & Important Consumer Information which is Totally Fake, why did Equifax use a domain that’s so easily impersonated by phishing sites?”
Turns out he had a point, since the site fooled Equifax itself. Shortly after the site went up, Equifax’s official Twitter feed started linking to Sweeting’s fake page, and in a series of posts dating from September 9, Tim on Equifax’s social media team began tweeting out the wrong URL to customers concerned about their data.
The tweets (now removed by red-faced Equifax staff) continued until Sept 18 before they were spotted by stanleyspadowski on imgur and @aaronkkruse on Twitter. It’s not known how many people were directed to the site, and it has since been blocked by Google.
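The underlying lesson is that a breach-response site on a brand-new domain cannot be told apart from a lookalike by customers or, as it turned out, by the company's own staff, whereas a link can be checked mechanically against the domains the organisation actually controls. The following is an added example, not code from the article or from Equifax: a pre-publish check that flags any link in a draft post whose registrable domain is not on an allowlist, and separately marks hosts that merely contain the brand name as lookalikes. The domain names are the ones the article mentions; the allowlist, the brand token list and the sample draft posts are assumptions constructed for this example.

```python
"""Added example: allowlist check for links in draft social-media posts.

Not the article's or Equifax's code. Domain names are those the article
names; OFFICIAL_DOMAINS, BRAND_TOKENS and the sample posts are assumptions.
"""
import re
from urllib.parse import urlparse

# Registrable domains the organisation actually controls (assumption).
OFFICIAL_DOMAINS = {"equifax.com"}
# Brand strings whose presence in some other host suggests a lookalike (assumption).
BRAND_TOKENS = {"equifax"}

# Matches full URLs and bare domains such as "securityequifax2017.com".
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.IGNORECASE
)


def hostname(url: str) -> str:
    """Lower-cased host of a URL or bare domain; empty string if unparsable."""
    if "://" not in url:
        url = "https://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of the host.

    Adequate for .com; a public-suffix list is needed for suffixes like co.uk.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(url: str) -> str:
    """'official' if the link is on an allowlisted domain, 'lookalike' if the
    host contains a brand token but is not allowlisted, else 'unrelated'."""
    host = hostname(url)
    if not host:
        return "invalid"
    if registrable_domain(host) in OFFICIAL_DOMAINS:
        return "official"
    # Checked against the full host so brand names in subdomains are caught too.
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def check_post(text: str) -> list:
    """Return (url, verdict) for every link in a draft post that is not
    on an official domain. An empty list means the post is safe to publish."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        verdict = classify(url)
        if verdict != "official":
            findings.append((url, verdict))
    return findings


# Constructed sample drafts; the second mirrors the mistake the article describes.
DRAFT_OK = "Check whether you were affected at https://www.equifax.com/help"
DRAFT_BAD = "Check whether you were affected at securityequifax2017.com"

if __name__ == "__main__":
    for draft in (DRAFT_OK, DRAFT_BAD):
        print(repr(draft), "->", check_post(draft) or "ok to publish")
```

Note that the check classifies equifaxsecurity2017.com, the site Equifax actually set up, as a lookalike as well: from the allowlist's point of view it is indistinguishable from Sweeting's securityequifax2017.com, which is exactly the problem the article describes. Hosting the page under the existing domain, or adding the new domain to the allowlist before the first tweet, are the two ways the check stays meaningful.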