Equifax Inc. (NYSE: EFX)
We all heard about the massive data breach in September of 2017, when Equifax exposed personal information of nearly half of the US population, up to 143 million customers. Information exposed included credit card numbers, social security numbers, birthdays, driver’s license numbers and addresses in what is known as one of the largest data breaches in history.
Making matters worse, Equifax accidentally directed customers to a fake phishing site, when trying to calm the nerves of the public. A secure website was set up for customers, which was www.equifaxsecurity2017.com, to aid in determining whether people had been affected by the breach. On several occasions over the weeks following the incident, Equifax responded to customer inquiries with their official Twitter account by accidentally directing them to a fake phishing site at www.securityequifax2017.com.
This was a huge mistake at a time when they were trying to earn back the public’s trust, at the precise moment when the public was looking for reassurances about the safety of their personal information, bank accounts and investments. Additionally, Equifax tweeted the fake phishing site address at least three times before it was noticed.
They then issued a warning to the public stating that consumers should beware of fake websites appearing to be operated by Equifax, stating again that consumers can sign up for free monitoring and learn more at https://www.equifaxsecurity2017.com, adding that their homepage is Equifax.com. Equifax was criticized for creating a completely different domain for customers rather than having a response page within their own domain of Equifax.com. This made it very confusing for customers to recognize whether or not the site was real.
Luckily, it turned out that the fake site was created by pranksters with no malicious intent, and was for the purpose of exposing the mass potential for errors. This was evident in the first heading on the fake website which included the words: “Why Did Equifax Use a Domain That's So Easily Impersonated by Phishing Sites?"
Of all the companies to have a massive data breach, and then to mistakenly direct consumers to a fake phishing site, one of the three major credit reporting agencies that contains private and personal information on half of the US population was one of the worst possible scenarios.
Many feel they should have then made a smarter choice about the domain they created to resolve this massive problem. That is the exact reason why many companies will purchase the domains of common misspellings of their business, to keep customers from landing on a fake site instead of their real company website.