Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks

An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company's official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handing the "cybersecurity incident." But the decision to create "equifaxsecurity2017" in the first place was monumentally stupid. The URL is long and it doesn't look very official -- that means it's going to be very easy to emulate. To illustrate how idiotic Equifax's decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words "security" and "equifax" around.) As if to demonstrate Sweeting's point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting's fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th.

Re:Is someone paying them to be this stupid?

[cayenne8]

I would think at this point, the shareholders could unite, and vote to sweep the entire company clean....and start over.

Re:Is someone paying them to be this stupid?

[king+neckbeard]

How can anyone be this bad at their core business?

Their core business is maintaining an oligopoly on an essential service, and they do that well. Keeping information safe is not part of their core business, and thus, they pay little attention to it.

Re:Is someone paying them to be this stupid?

[rholtzjr]

I think a lawyer said it is pretty much over for Equifax. 20 billion in damages. Yikes!

Yea, so when your IT folks raise concerns about security..... DON'T IGNORE THEM!