"After a breach of 143 million people’s personal information, the official Equifax Twitter account accidentally tweeted a link to a phishing website for victims who needed support."
According to this article, this went on for WEEKS.
“Luckily for everyone involved, though, the fake website doesn’t seem to be malicious in nature. According to the report, developer Nick Sweeting told The Verge that he set up the site “because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it.” Doing so tends to make it easier for cloned sites to be made to scam users, he said. Sweeting also noted that no data will leave his site.”
@Thumperchick Yeah right. No data will leave his site? Unless he gets hacked. Or decides he will use it himself. He needs to zap all the data. No reason for him to keep it.
@Kidsandliz He specifically wrote it so that the data that was entered stayed inside the user's browser.
Notice the webpage as it was:
“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” Sweeting told Gizmodo. “I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
The real Equifax site is dangerous, he said, because of how easy it is to impersonate. “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”
This reminds me of the guy who set up a fake Google listing for the Secret Service, forwarded the number to the real number, and recorded both sides of the conversations to try to force Google to fix their broken systems.
Sadly, even under orders from the Secret Service, they didn’t fix things.
My first thought when I saw their real domain was that it was fake. I love how they put the year in there. That way, when they screw up again next year, they can just increment the year and have a new domain for every breach.
Note that the 2017.com domain is registered to Equifax while the 2018.com version has a private proxy. So Equifax probably hadn’t thought that far ahead.
@Kidsandliz Or he could use it as ransomevidence as how fucked up Equifax is and sue them for $$ or something.
/giphy burn it all down
@jbartus Sent me down a rabbit hole that led full circle back to meh:
@walarney I noticed they were all taken through at least 2020. The fake one for 2018 was still available when I checked though.
@medz I guess that’s one approach to “expectation management”.
equifaxsecurity2018.com is blocked on our corporate network. I’ll have to see what’s there when I get home.