Late last month, Equifax secured control over 138 domains mimicking a website that the company set up in September in the wake of its massive data breach.
The subject of a cybersquatting complaint, the domains were originally purchased through GoDaddy by a Hong Kong company called China Capital Investment Limited. Even now, the domains redirect to placeholder pages full of advertising labeled “Identity Theft Protection” and “Protect My Credit Rating” that link to commercial products such as Lifelock.
This summer, after learning that criminal hackers had stolen the personal and financial data of roughly 145 million Americans, Equifax slowly began the process of exposing its customers to even further harm, including by redirecting victims to a malware-laden website.

But the complaint against China Capital Investment Limited demonstrates that Equifax was aware that its decision to direct victims to a domain, equifaxsecurity2017.com, separate from its existing Equifax.com website likely subjected consumers to new threats.
The credit reporting agency launched the website solely to manage the fallout stemming from the breach, which was born of faulty security practices. The decision drew immediate concern from the infosec community, with many researchers noting, rightly, how easy it would be for almost anyone to clone the site using a lookalike domain.
And it turns out that happened immediately. According to a complaint Equifax filed on September 27th with the World Intellectual Property Organization (WIPO), China Capital Investment began purchasing lookalike domains within 24 hours of Equifax announcing the breach.

Below is a small sample of the contested domains.
It’s easy to see how consumers might’ve been duped, thanks in large part to Equifax’s decision not to place advice to breach victims on its own website. Many of the domains contain simple typos and are clearly aimed at taking advantage of consumers.
According to the WIPO, China Capital Investment never challenged the complaint. It wasn’t the only entity to purchase an Equifax-lookalike domain, either.

For instance, to draw attention to Equifax’s folly, developer Nick Sweeting secured the domain “securityequifax2017.com” and launched a website mocking the credit reporting agency. “It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” Sweeting told Gizmodo in September.
In a now-deleted tweet, the official Equifax Twitter account even directed consumers to Sweeting’s site, which contained the phrase: “Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?” Sweeting said Tuesday that he has retained control over the domain, but that the site is now blacklisted by the Google Safe Browsing list. “It’s pretty useless right now,” he said.
In September, when Equifax first noticed that scores of websites had been launched targeting its customers, it should’ve reversed course and directed breach victims to a reputable website, like Equifax.com. But for whatever reason the company repeatedly ignored warnings about its decision to establish equifaxsecurity2017.com.
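A defender watching newly registered domains could triage lookalikes of the kinds described above (simple typos, and reordered names such as securityequifax2017.com) with a check like the following. This is an added example, not code from the article or from Equifax; the category names, the edit-distance threshold of 2, and every sample domain other than the two named in the article are constructed assumptions.

```python
import re

PROTECTED = "equifaxsecurity2017.com"  # breach-response domain named in the article
BRAND = "equifax"
MAX_TYPO_DISTANCE = 2                  # assumed threshold, tune against real data

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def tokens(label):
    """Word and digit tokens left after removing hyphens and the brand name."""
    rest = label.replace("-", "").replace(BRAND, " ")
    return sorted(re.findall(r"[a-z]+|\d+", rest))

def classify(domain):
    """Label a registered domain (label.tld) relative to PROTECTED."""
    domain = domain.strip().lower().rstrip(".")
    label = domain.rpartition(".")[0]
    protected_label = PROTECTED.rpartition(".")[0]
    if domain == PROTECTED:
        return "legitimate"
    if label == protected_label:
        return "tld-swap"        # same name under another TLD
    if edit_distance(label, protected_label) <= MAX_TYPO_DISTANCE:
        return "typo"            # a few characters added, dropped or changed
    if BRAND in label and tokens(label) == tokens(protected_label):
        return "reordered"       # same words in a different order
    if BRAND in label:
        return "brand-embedded"  # brand name inside an unrelated label
    return "unrelated"

if __name__ == "__main__":
    # Constructed samples, except the two domains that appear in the article.
    for d in ["equifaxsecurity2017.com", "securityequifax2017.com",
              "equifaxsecurty2017.com", "equifaxsecurity2017.net",
              "equifax-breach-help.com", "example.org"]:
        print(f"{d:28} {classify(d)}")
```

Edit distance alone misses the reordered case, which is why the token comparison is a separate rule.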

Ultimately, that decision may have exposed US consumers to scams and phishing attacks, further imperiling their personal and financial data.
Gizmodo reached out to Equifax for comment about the domains, but did not receive a response.
Update, Nov. 15, 4 pm: Equifax sent Gizmodo the following statement:

“Equifax has been committed to protecting consumers and helping them avoid potential risks after the cybersecurity incident. In September, after we announced the incident, we saw a surge in domain name registrations including the name Equifax. We believed those registrations posed risk for consumers, and initiated action to reduce public confusion by enforcing our trademark. While most of these types of infringing domains aren’t malicious, they often include links that could lead people to sites that might cause them to mistakenly buy services. We have since recovered more than 100 infringing domains, and additional efforts are ongoing. We remain focused on strengthening security and rebuilding trust with consumers in all that we do at Equifax.”