After failing to patch a known vulnerability that resulted within the exposure of the personal data of over 143 million Americans, Equifax is doing its greatest to proceed placing individuals in danger. The corporate is outwardly sending victims of its information breach to a phishing web site that was arrange to troll the corporate itself. The official Twitter account of the credit score reporting agency has tweeted the hyperlink to this spoof web site a number of instances.

The web site that the corporate was planning to ship the information breach victims to was equifaxsecurity2017.com, as we have now beforehand reported. Nevertheless, the official Twitter account continued to ship individuals to a knock-off web site (securityequifax2017.com) that was truly put up to mock the safety practices of Equifax, an organization that prior to the breach marketed itself for securing credit score information of hundreds of thousands of individuals.

Equifax sends breach victims to a phishing web site

After each main information breach, criminals create clone web sites to mine for consumer information. That, nevertheless, doesn’t appear to be the case right here. The tweeted spoof web site was created by a safety researcher to present how simple it was to confuse Equifax’s poorly named web site with a bogus web site. It seems even the executives on the firm fell for it.

“Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites,” the pretend web site reads. “Equifax should have hosted this on equifax.com with a reputable [EV] SSL Certificate,” the positioning continues to lambast the corporate.

“Instead they chose an easily impersonated domain and used a jelly-bean SSL cert that any script kiddie can impersonate in 20min.”

The official tweets have been deleted after over 18 hours of going dwell!