EQUIFAX Customer Service Led People into Phishing Websites

It’s like it never ends with EQUIFAX and their unethical and questionable business practices. Let’s go down the list; they hired a Music Major as a Chief of Security. They also sold stocks behind closed doors before being investigated by the DOJ. They are involved in a massive Class Action Lawsuit. And to finish the deal, they are the host of one of the biggest cybersecurity incidents in American History.

So, what did EQUIFAX do this time? Well, to remind people of how incompetent some companies and their employees can be. The company set up a website called “www.equifaxsecurity2017.com”, which allowed users to check their current status during this crisis. Now, how can EQUIFAX screw this one up?

Well, turns out that the company sent people to a phishing site that had no connection to the company. The Credit Bureau linked the victim through Twitter to a domain named “securityequifax2017”. Not “equifaxsecurity2017”, this led to a page that had absolutely no association to EQUIFAX and could be used for phishing purposes.

They actually have been sending potential victims of the cybersecurity attack to this website since September 9. Which basically means that they have been sent to a phishing site for longer than 2 weeks. Thankfully, this is another instance of a benign effort made by one Nick Sweeting. Who set up the domain in order to expose the vulnerabilities of EQUIFAX’s customer service.

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting tells The Verge. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.” Sweeting then reassured the public by mentioning that no bit of information will leave his page at all.

People, I can’t make this up even if I tried. EQUIFAX just seems full of incompetent clowns by this point. And the worst part is that they were the people in charge of over millions of people’s identities. The issue only worsens once you think about what the phishing sites can actually screw someone over big time. By actually taking the information of the affected parties even while they weren’t involved in the incident at all. Way to go EQUIFAX!