Click to Skip Ad
Closing in...

Equifax has been sending hack victims to a fake phishing site

Published Sep 20th, 2017 6:42PM EDT
Equifax breach check
Image: AP/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

If you’re feeling lost and confused following news of Equifax’s recent data breach, don’t worry: not even Equifax’s own customer service knows what’s going on. Twitter customer service agents have been redirecting customers to a fake phishing site, not run by Equifax and with zero relation to the company.

Agents are only doing this because Equifax’s site with information about the hack isn’t good to begin with. It made a website at equifaxsecurity2017.com to tell customers about the breach. But that URL isn’t memorable and is easily confused with something else — say, for example, securityequifax2017.com. So a web developer made a lookalike website at that similar address, with the intention of showing Equifax the error of its ways.

It didn’t work out exactly like he imagined.

Rather than recognize the potential security risk, one of Equifax’s Twitter agents has instead spent the last two weeks sending customers to the fake website. Gizmodo found eight tweets with the fake URL, dating back to September 9th:

The danger of a fake website is obvious: it could easily ask victims for identifying information, under the guise of working out if they were part of the breach or not. With no easy way to verify that the website is actually made by Equifax, customers are left oblivious. It was a bad idea to use a standalone website to begin with; tweeting out links to a fake website just makes things worse for the company.

Chris Mills
Chris Mills News Editor

Chris Mills has been a news editor and writer for over 15 years, starting at Future Publishing, Gawker Media, and then BGR. He studied at McGill University in Quebec, Canada.