UPDATED 23:36 EST / SEPTEMBER 20 2017

You can’t make this up: Equifax directs hacked customers to fake security site

In a bizarre turn of events, consumer credit reporting agency Equifax Inc. has publicly suggested that those affected by its massive data breach should visit a fake site for further information.

The recommendation to visit the fake site came via a series of tweets on the official Equifax Twitter account. The tweets directed those affected to the fake site instead of to the official Equifax site set up specifically to help concerned consumers, Equifaxsecurity2017.com.

According to reports, the tweets directed customers to securityequifax2017.com, a site that mocks the ineptitude of Equifax for “using a domain that’s so easily impersonated by phishing sites.” Some sites are claiming that the fake site itself was a phishing site — Google alerts Chrome users that it is — but according to The Verge, the fake site itself was set up by full-stack developer Nick Sweeting to “expose vulnerabilities that existed in Equifax’s response page.”

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting said. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”
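The failure described above can be caught with a pre-publication link check. The following is an added example, not code from Equifax, Sweeting or the original article: it classifies a URL as sitting under the trusted parent domain, matching the official response site, or being a lookalike of it. The function names, the distance threshold of 2 and the `example.net` sample are assumptions, and taking the label before the TLD is a simplification of a Public Suffix List lookup.

```python
from collections import Counter
from urllib.parse import urlsplit

TRUSTED_PARENT = "equifax.com"                 # parent domain named in the article
OFFICIAL_HOSTS = {"equifaxsecurity2017.com"}   # official response site named in the article

def hostname(url):
    """Return the lower-cased host of a URL, accepting bare 'host/path' input."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_label(host):
    """Label just before the TLD (assumption: single-label TLD such as .com)."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host

def classify(url):
    host = hostname(url)
    # Suffix match on a label boundary, so 'equifax.com.example.net' does not pass.
    if host == TRUSTED_PARENT or host.endswith("." + TRUSTED_PARENT):
        return "trusted-parent"
    bare = host[4:] if host.startswith("www.") else host
    if bare in OFFICIAL_HOSTS:
        return "official"
    label = base_label(host)
    for official in OFFICIAL_HOSTS:
        ref = base_label(official)
        # Same characters in another order (swapped words) or a near-miss typo.
        if Counter(label) == Counter(ref) or edit_distance(label, ref) <= 2:
            return "lookalike"
    return "unlisted"

if __name__ == "__main__":
    for u in ("https://www.equifaxsecurity2017.com/", "securityequifax2017.com"):
        print(u, "->", classify(u))
```

Anything other than `trusted-parent` or `official` should block the post until a person has confirmed the link.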

Regardless of the intent, the mere fact that Equifax was publicly tweeting links to a fake site adds to an ongoing story that would make Shakespeare’s “Comedy of Errors” look like a tragedy. Starting with the breach itself, it has since been revealed that Equifax knew of the breach for months but failed to disclose it; that Equifax suffered an earlier hack in March which it also failed to disclose; that executives at the company used simplistic passwords on their accounts; and that some of the same executives also sold stock in the company prior to disclosing the hack, leading to a criminal investigation.

“The catastrophic breach of Equifax’s systems was inevitable because of systemic organizational disregard for cybersecurity and cyber-hygiene best practices, as well as Equifax’s reliance on unqualified executives for information security,” James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, told SiliconANGLE.
