After the breach, which involved Social Security numbers and other key identifying information, Equifax set up a site, equifaxsecurity2017.com, that directed people to information on the hacking incident and links to sign up for free credit monitoring and other protections the company is offering.
But in several tweets in recent days, a company employee directed people to a fake site that flipped the name of the site and sent people to a similar-appearing site.
Rather than being a phishing site that could have reaped unsuspecting folks’ personal data yet again, it was set up by Nick Sweeting, a software engineer, according to news reports.
People who clicked on the link got this headline: “Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”
Sweeting told the New York Times his site received more than 200,000 hits before he took it down Wednesday evening.
Equifax apologized for the mistake. “All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion,” the company said in a statement.
The company also warned people to watch for fake websites and emails targeting Equifax customers and people responding to the hacking incident.
“These scams, designed to capture personal information (known as “phishing”) are designed to appear as if they are from Equifax and the emails may link to websites purporting to be operated by Equifax,” said the company.