Equifax sends breach victims to fake support site

Can you tell the difference between equifaxsecurity2017.com and securityequifax2017.com? One is a lookalike support page set up to teach Equifax a lesson.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

[Image: A tweet from Wednesday sending breach victims to the mock support site. Twitter/Screenshot by Alfred Ng]

Now Equifax knows what it's like to have its identity stolen.

The credit monitoring company has been tweeting out a link to victims of its massive breach that's actually a fake support page set up to look exactly like its own.

The real Equifax support URL is equifaxsecurity2017.com. But since Sept. 9, two days after the breach was announced, Equifax has also been tweeting out the spoof page at securityequifax2017.com.


Although Equifax's Twitter account used the proper URL most of the time, the mock page was sent out in tweets from the account at least seven times. Those tweets have since been deleted, but one from Monday was still up at about 11 a.m. PT Wednesday.

Equifax didn't respond to a request for comment. 

The mock page looks exactly like Equifax's support page, but with a few significant details changed. At the top of the fake page, Nick Sweeting, the site's creator, asked, "Why did Equifax use a domain that's so easily impersonated by phishing sites?"

Sweeting bought and registered the spoof domain name the same day Equifax announced the breach. In the 11 days since then, he said he's received more than 100,000 hits on his fake URL.

The software engineer said it only took 20 minutes to build an exact copy of Equifax's website. It cost him $15 for domain hosting and server maintenance. Sweeting said he did it to teach Equifax a lesson about its vulnerable URL and how easy it was to spoof.
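The weakness Sweeting is pointing at is structural: a support domain built from three loose tokens ("equifax", "security", "2017") can be reordered or lightly misspelled into a name that looks just as official. The following check is an added example, not code from the article, from Equifax or from Sweeting; it shows how a social media or communications team could vet an outgoing link against the official domain before publishing it. The two domain names are the ones quoted in the article; the token decomposition, the edit-distance threshold of 2 and the function names are assumptions made for illustration.

```python
# Added example: flag links that are lookalikes of an official support domain
# before they are published. Not code from the article or from Equifax.
import itertools
from urllib.parse import urlparse

OFFICIAL = "equifaxsecurity2017.com"           # real support domain named in the article
TOKENS = ("equifax", "security", "2017")       # assumed decomposition of that name
NEAR_MATCH_DISTANCE = 2                        # assumed threshold for typo-style lookalikes


def registrable_host(url: str) -> str:
    """Return the lowercased host of a URL, tolerating a missing scheme and a leading 'www.'."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def permutation_lookalikes(tokens=TOKENS, tld="com") -> set:
    """Every domain formed by reordering the official name's tokens (the article's case)."""
    return {"".join(p) + "." + tld for p in itertools.permutations(tokens)}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; catches digit/letter swaps such as 0 -> o."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Classify a link as the official domain, a known lookalike pattern, or unrelated."""
    host = registrable_host(url)
    if host == OFFICIAL:
        return "official"
    if host in permutation_lookalikes():
        return "lookalike:token-permutation"
    if levenshtein(host, OFFICIAL) <= NEAR_MATCH_DISTANCE:
        return "lookalike:near-match"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links: the two domains from the article plus two made-up ones.
    for link in (
        "https://www.equifaxsecurity2017.com/",
        "https://securityequifax2017.com",
        "http://equifaxsecurity2O17.com",   # constructed: letter O in place of zero
        "https://example.org",
    ):
        print(f"{link:45} -> {classify_link(link)}")
```

Only a result of "official" should be allowed through; the spoof domain the article describes is caught by the permutation rule, and single-character substitutions by the edit-distance rule. The check works on the registrable host only, so path or query differences do not affect it.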

His mock website doesn't steal any data, but he said it can be turned into a malicious page for phishing attacks in two minutes. That's scary given that Equifax's support webpage asks for six digits of your Social Security number and your last name to find out if you were breached.  

"I can guarantee there are real malicious phishing versions already out there," Sweeting said. He's not surprised his spoof page received so many views.

Cybercriminals have been taking advantage of Equifax's breach by pretending to be helping. On Sept. 14, the Federal Trade Commission put out a warning that scammers were calling people pretending to be from Equifax to steal personal information.

There's been a lot of scrutiny over how Equifax is handling the breach. Politicians like Sen. Elizabeth Warren, D-Mass., and Sen. Mark Warner, D-Va., have demanded answers from Equifax on how the breach happened. Equifax CEO Richard Smith is expected to testify before Congress on the breach.

Sweeting has no plans to take his fake page down. After all, he paid to own the domain name for a whole year.

"I hope the intern who posted the tweet doesn't get fired," Sweeting said. "The real blame lies with the people who originally decided to set the site up badly."
