Equifax Sent Consumers to Fake Phishing Site by Repeatedly Tweeting the Wrong URL

Google+ Pinterest LinkedIn Tumblr

Equifax has repeatedly come under fire for its handling of the data breach that exposed the personal information of approximately 143 million people across the nation. Now, it has come to light that the credit bureau has been directing people to a fake lookalike website instead of the site the company created for people to see if they were affected.

As reported by Gizmodo, Equifax created as a resource for customers to determine if their information may have been compromised during the “security incident.”

The decision to create a new site instead of using a subdomain on the main Equifax site has been called into question, as the new URL doesn’t seem very official and is easier to emulate than a subdomain.

In an effort to point out how risky Equifax’s decision was, Nick Sweeting, a developer, created a fake website and simply switched the words “Equifax” and “security” in his version of the URL.

When people go to Sweeting’s website,, they reach a page that varies slightly from the official version.

Sweeting’s site isn’t a phishing attempt. Instead, the content focuses more on trying to show why Equifax should change their breach-oriented website to a URL that doesn’t put its customers at risk.

But, the fake website is so convincing, even Equifax appeared to be duped by the URL. The company repeatedly tweeted Sweeting’s URL instead of its own over the course of two weeks. At least eight tweets from Equifax, some of which were signed by someone going by the name “Tim,” featured the incorrect website (though one of the tweets has since been deleted).

“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” said Sweeting during an interview. “I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”

Sweeting went on to say, “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”

One Twitter user did thank Sweeting for setting up the domain, saying in a tweet, “Props to white-hate @thesquashSH for registering that look-alike Equifax domain before some lurker switched it to a phishing portal.”

Another stated that they registered a similar domain that, if you go to the site, features a cat video.

At the time of this writing, Sweeting’s site does not contain the original content of the page and is instead displaying the Apache2 Ubuntu Default Page. The reason for the change is not immediately known.