After 143 million people were affected by a security breach at Equifax, the company set up another site where customers could check whether their data, including names, Social Security numbers and other private information, had been compromised. Sadly, it led to another “oops” moment for the company when its Twitter account pointed affected customers to a spoof site.
Equifax created equifaxsecurity2017.com to help worried customers find out whether they had been affected. However, the site was on a separate domain and quite easy to replicate.
“I created the clone in less than 20 minutes” – Nick Sweeting, creator of the spoof site
Nick Sweeting, a full-stack developer, decided to show the company and its customers how weak the site's design was, and built the clone in less than 20 minutes. He told the Associated Press that he used the Linux command wget to download all of the original site's images, CSS and HTML.
“Correction, they tweeted it over 8 times! (Some of them have been deleted)” – Nick Sweeting 🚲 (@thesquashSH), September 20, 2017
He then put the copy on a $5 server and had the clone running in under 20 minutes, with the aim of bringing the problem to the attention of Equifax users. He also assured visitors that none of their data was stored, because the form on the clone was disabled.
“It was super easy to just suck their whole site down with wget and throw it on a $5 server. It currently has the same type of SSL certificate as the real version, so from a trust perspective, there’s no way for users to authenticate the real one vs. my server.” – Nick Sweeting
After Google Safe Browsing blacklisted the site, he took it down and assured users that it was not malicious, only a small effort on his part to demonstrate the weaknesses and poor design of the Equifax site.
It should have been built as a subdomain of the official site
Security analysts have criticized Equifax for using a separate domain for its “security improvement” site. They argued that it should have been built as part of the official site, perhaps as a subdomain, so that malicious and fake sites would be easy to tell apart from the real one.
The one created by Nick Sweeting played on the URL by swapping the order of the two words: his fake site was securityequifax2017.com, while the original is equifaxsecurity2017.com. The two are easy to confuse.
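The subdomain argument comes down to a rule that customers and support staff can actually apply: a link is trustworthy only if its host is, or is a subdomain of, a domain the company controls. The following added example (mine, not code from the article or from Equifax) encodes that rule and flags hosts that carry the brand name but fall outside the allow-list; the official-domain set and the sample links are assumed and constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the company is assumed to control (constructed for this example).
OFFICIAL_DOMAINS = {"equifax.com", "equifaxsecurity2017.com"}
# Brand word that a lookalike registration would reuse.
BRAND_TOKEN = "equifax"


def hostname_of(url: str) -> str:
    """Return the lowercase hostname; a bare domain is accepted as a URL too."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_official(host: str) -> bool:
    """True only if host equals an official domain or is a subdomain of one.
    The dot boundary matters: 'equifaxsecurity2017.com.evil.example' must fail."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(url: str) -> str:
    """Classify a link as 'official', 'lookalike' or 'unrelated'."""
    host = hostname_of(url)
    if is_official(host):
        return "official"
    # Punycode or non-ASCII hosts outside the allow-list are treated as
    # lookalikes: homoglyph domains render like the brand but are not it.
    if "xn--" in host or any(ord(c) > 127 for c in host):
        return "lookalike"
    # Drop dots and hyphens so word-swapped or hyphenated variants
    # (securityequifax2017, equifax-security2017) still match the brand.
    flat = host.replace("-", "").replace(".", "")
    return "lookalike" if BRAND_TOKEN in flat else "unrelated"


def audit(links):
    """Map each link to its classification, e.g. for reviewing outgoing posts."""
    return {link: classify(link) for link in links}


SAMPLE_LINKS = [  # constructed sample, not the actual tweets
    "https://www.equifaxsecurity2017.com",
    "securityequifax2017.com",
    "https://equifaxsecurity2017.com.evil.example/check",
    "https://example.org/",
]
```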
Unsurprisingly, the fake site received more than 2000 hits, which grew to around 200,000 after an Equifax customer-support employee mistakenly directed worried customers to the lookalike site.
An Equifax spokesperson apologized for the confusion in an email sent to the Associated Press, adding that all the tweets with the wrong link had since been deleted.
“All posts using the wrong link have been taken down. To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion.”
From the erroneous tweets, it appears they came from a customer-support employee, or possibly an intern, called “Tim”. Hoping he does not get fired, Sweeting said the mistake was not really his fault but a symptom of a larger problem at Equifax, which has still not strengthened its security after the major breach that compromised the data of millions of users and left them at risk from hackers and cybercrime.
“I just hope the employee who posted the tweet doesn’t get fired, they probably just Googled for the URL and ended up finding the fake one instead. The real blame lies with the people who originally decided to set the site up badly.” – Nick Sweeting
Apart from the emailed apology, Equifax did not provide any further comment on the matter.