As if it wasn't bad enough that Equifax has suffered one of the most significant data breaches in history, exposing millions of people to potential identity theft, they've gone and made a blunder of the situation again.
As pointed out by John Oliver on Last Week Tonight, Equifax created a website where potential victims of the data breach could check if they were one of the people compromised. The issue is that the domain they went with has one major flaw.
The domain in question is EquifaxSecurity2017.com, and if that name hasn't already set off some red flags as to why it may have been a poor choice in a situation like this, then have a look at what John Oliver had to say about it.
Equifax's choice to use a domain name like EquifaxSecurity2017.com has allowed very similar domains, like SecurityEquifax2017.com (whose site has since been removed) or EquifaxFraudPrevention.com, a site created by Last Week Tonight, to pop up and showcase how hackers can easily exploit situations like these.
Why did Equifax decide to go with this domain name then?
The most perplexing part of this domain name blunder is that phishing sites aren't a new concept or a new way of stealing people's personal information. This is literally a method of deception that has been used on the internet since the 90s, when AOL started to take off.
Large corporations like Equifax are very aware of this issue and commonly guard against it with brand protection methods, such as bulk purchasing any misspelling of their domain name. This raises the question, "Why did Equifax choose a domain name that could be easily phished, versus making it part of its usual site, Equifax.com?", but we will touch more on this in another post.
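To make the difference concrete, here is an added example (not part of the original post) of the only check a reader or a mail filter can apply mechanically: is the link's host Equifax.com or a subdomain of it? The subdomain `security2017.equifax.com` and the `.example` hosts are hypothetical; the other two domains are the ones named above.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain readers already associate with the company.
OFFICIAL_DOMAIN = "equifax.com"

def host_of(url: str) -> str:
    """Return the lowercase host a browser would connect to, or "" if unparsable."""
    if "://" not in url:
        url = "https://" + url  # links are often pasted without a scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def is_official(url: str, official: str = OFFICIAL_DOMAIN) -> bool:
    """True only for the official domain itself or a subdomain of it."""
    host = host_of(url)
    # The leading dot matters: a host that merely ends with the official
    # name (e.g. "notbank.example" vs "bank.example") is a different registration.
    return host == official or host.endswith("." + official)

# Constructed sample links. The first two domains are named in the post;
# the remaining hosts are hypothetical.
SAMPLES = [
    "https://www.equifaxsecurity2017.com/",       # the real breach site
    "https://securityequifax2017.com/",           # the look-alike
    "https://security2017.equifax.com/",          # hypothetical subdomain
    "https://equifax.com.breach-check.example/",  # official name used as a prefix
    "https://equifax.com@breach-check.example/",  # official name in the userinfo part
]

def classify(urls=SAMPLES):
    """Map each link to whether it sits under the official domain."""
    return {u: is_official(u) for u in urls}

if __name__ == "__main__":
    for url, ok in classify().items():
        print(f"{'official  ' if ok else 'UNVERIFIED'}  {url}")
```

The real breach site and the look-alike get the same result, because neither is under Equifax.com: nothing in the name lets a reader tell them apart.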
While half of Americans have had their personal information compromised by the Equifax breach, your personal information is always being sought out by new criminals looking to steal your identity. The only goal of a phishing site is to lure you into providing the hacker with your personal information.
This is accomplished by a few different methods that you should be aware of while browsing the web:
These are just a few examples of ways hackers are trying to trick you into giving them your personal information for free, instead of having to purchase your information from brokers across the deep web. If you want to learn more about the method used to gather your personal information you should check out this post.
No matter where you are on the internet, you always need to be vigilant in looking out for methods of stealing your information. Even when it comes from the source itself, you need to be aware, because leave it to Equifax to make a great example of when this can happen.
After launching its new website for victims affected by the Equifax breach, an Equifax support member working on their Twitter account started making a very subtle mistake. See if you can spot it in the image below.
That's right, it's the fake domain name we mentioned earlier, SecurityEquifax2017.com, and not the actual site, EquifaxSecurity2017.com. Even one of Equifax's own support staff managed to slip up because Equifax used a very obscure domain name for an issue of such importance.
At the end of the day it's always the user's responsibility to exercise caution when browsing the internet, especially when they're being asked to provide personal information. If a website is asking you to put in sensitive information, just take a moment to make sure it's the real deal, and that they actually need that information.