Equifax Inc., the oldest credit agency in the United States, recently disclosed a data breach affecting more than 143 million people and established a new website to share information with customers. But because an incorrect web address was shared on Twitter several times, customers were pointed to a fake website.
One security researcher said that this was a big faux pas.
After this, Equifax set up a new website, equifaxsecurity2017.com, so that people could get information.
This website also lets people register for the credit monitoring service by filling in their personal details in a form.
Many security researchers say that instead of setting up a new website, Equifax should host this information on its main website, Equifax.com.
They also said that the new website looks like something a scammer built to fool victims.
Security researcher Nick Sweeting tweeted, “Yeah … no thanks … it would take me literally 20 mins to build a clone of this site.”
Then he did exactly what he said and prepared an identical version of the website at securityequifax2017.com. His fake version of the website also allows people to fill in personal information. But then he told them that they were “bamboozled”.
The staff who were handling the official Twitter page of Equifax had shared the wrong website several times. In a statement, Equifax apologized and said: “All posts with the wrong link have been removed; we apologize for this confusion.”
“Consumers should be cautious of the fake website. To get more information on this incident and sign up for free credit monitoring, our dedicated website is equifaxsecurity2017.com and our US company homepage is equifax.com.”
Ken Munro, from the security firm Pen Test Partners, said that “it is clear that the social media team did not brief information well.”
“This is a very big faux pas; they should not point people to any website which is not real.”
Mr. Munro said that “people need to be cautious after the data breach. Hackers can fool victims on behalf of affected organizations.”
“They can also make phone calls to victims and say they are from the support team, but they may be hackers.”