Equifax Officially Links to Phishing Site!!!

The official account of Equifax Inc. on Twitter has been directing inquiring customers to a phishing site, since September 8th and for about 10 days afterwards.

Instead of posting the link to their equifaxsecurity2017.com, the account has been directing customers to visit securityequifax2017.com, which is not controlled by the hacking-prone Equifax Inc.

Equifax phishing site

A few of the dangerous Equifax tweets have been deleted, although many remain as of September 20, including what appears to be the first one from September 8th.

Equifax Phishing Tweet - first?

The more galling thing is that a Twitter user actually called out the Equifax account within minutes of the tweet, yet nothing was done — the misleading Equifax tweet from September 8 remains up even today.

Most of the official tweets appear to have been posted by a man named “Tim” on the Equifax’s social-media team.

Fortunately, the fake site had been set up by a good guy (Nick Sweeting @thesquashsh) who registered the domain name to prevent it from falling into the hands of squatters with more nefarious motives. He also quickly built a clone site for the domain in order to demonstrate how easy it is to phish Equifax victims using a dubious url.

Equifax clone site

More updates, screenshots and details to be added to this page as they become available.