Last week I mentioned the importance of checking your credit report and considering a credit freeze following the Equifax cyber attack news. Well, this week brought a new wrinkle to the scandal that also demands your attention. As it turns out, in the wake of this massive breach and the traffic that’s been sent Equifax’s way thanks to all of the press coverage, there are now concerns that customers seeking more information may accidentally be led to sites where scammers can phish for their information.
The trouble started when the credit reporting bureau made the questionable decision to place their latest updates on the attack on a new URL — EquifaxSecurity2017.com — instead of creating a subdomain of their main site. This poses a problem as some confused consumers may be tricked by fraudulent sites with similar names. Case in point: software engineer Nick Sweeting created a fake site with the URL SecurityEquifax2017.com, which the official Equifax Twitter account mistakenly shared on more than one occasion. As NPR reports, visitors to Sweeting’s version of the site would see a banner reading, “Cybersecurity Incident & Important Consumer Information Which Is Totally Fake, Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?” Thankfully, this white hat did not use his bogus site to collect consumer information but just to prove a point. In that latter aspect, he definitely succeeded.
Not only did they tweet the wrong link, they tweeted it 3 times. #Equihax pic.twitter.com/T8jrhSfhqw
— Nick Sweeting ? (@thesquashSH) September 20, 2017
Since that incident, Equifax has apologized and deleted the tweets in question. Still, the incident has led to ever increased scorn for Equifax and forced more consumers to question how safe their data really is. Despite that, the bureau is continuing to use their ExquifaxSecurity2017.com URL to update customers on the situation and allow them to see if they were potentially affected by the hack. In order to check, users must enter their last name and last six digits of their social security number.
If you’re understandably wary of falling prey to potentially false sites, there are a few things you can do to ensure you’re in the right place. First, your browser should inform you if a site is secure or not by displaying a lock icon in the URL window (for the record, attempting to visit Sweeting’s site now leads to a security warning on many browsers). These sites should also begin with “https” as oppsed to just “http.” Additionally, specific to this case, Equifax has a link to their correct “Security 2017” site at the top of Equifax.com.
Finally, just like before this week’s drama, it’s highly important that you obtain a copy of your credit report and verify its accuracy. This can be done by visiting AnnualCreditReport.com (again — beware of imitators), which entitles you to a free report from each bureau every once per year. From there, you’ll definitely want to continue monitoring your credit as the impact from the Equifax hack may be felt for many years to come.
While we can all hope that this is the end of Equifax putting us in danger for a while, this incident is actually a great reminder to be vigilant when entering sensitive information on the Internet and pay close attention to who you give this info out to. It’s a scary world out there — be sure to protect yourself.