Time: 2024-09-20 10:49:39 Source: compiled from the web Editor: Explore
In failing to correctly patch a known vulnerability and exposing the personal data of potentially 143 million Americans to hackers, Equifax made a security blunder of epic proportions — however, it appears the company is just getting started.
Leaving its digital doors wide open to criminals apparently wasn't enough for the credit reporting agency, as it's now sending hack victims directly into the open arms of unknown internet pranksters.
Yes, Equifax is directing those concerned about the data breach and its repercussions to a fake website set up to troll the company itself. That's right, the official Equifax Twitter account is pointing people to what looks to be a fake site (aka a phishing site).
Following a data breach of this size, it's not unusual to see websites pop up that mimic official help pages. Typically, the goal of these phishing sites is to trick worried consumers into handing over their personal information. In this case, Equifax created a very real site — https://www.equifaxsecurity2017.com — where people can enter their last name along with the last six digits of their social security number to see if they were affected by the hack.
Unsurprisingly, someone cloned that site and hosted that copy at a very similar URL: https://securityequifax2017.com. The two sites, one real and one fake, look the same to the casual observer. In fact, they are so easily confused that Equifax itself apparently can't tell the difference.
Come on, Tim. Credit: Mashable
If you look closely at the above pictured Twitter exchange, you'll see that someone operating the Equifax account named Tim linked to the fake website. The timestamp on the tweet is from September 19, and the tweet was still up as of the morning of September 20 (it was deleted during the course of writing this story).
Also, this is not the only tweet that listed the incorrect website. It happened at least eight times.
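The failure described above is a pre-publication check that never ran: the domains https://www.equifaxsecurity2017.com and https://securityequifax2017.com are exact rearrangements of each other, and an account posted the wrong one repeatedly. The following is an added example, written for this page and not code from Mashable, Equifax or anyone named in the article, of the kind of outbound-link check a communications team could run before a post goes out. It assumes a hypothetical allowlist of official domains (the real incident site from the article plus equifax.com), uses a naive "last two labels" notion of registered domain, and goes a step beyond the article's specific case by also flagging any hostname that merely embeds the brand name. The sample posts are constructed, not the actual tweets.

```python
"""Pre-publication link check for incident communications.

Added example (not Mashable's or Equifax's code). Given an allowlist of the
organisation's official domains, flag every URL in a draft message whose
registered domain is not on the list and say why it looks suspicious.
"""
import re
from urllib.parse import urlsplit

# Assumed allowlist: the real incident site named in the article plus the brand's primary domain.
OFFICIAL_DOMAINS = {"equifaxsecurity2017.com", "equifax.com"}
BRAND = "equifax"

# Constructed sample drafts; the first two carry the real and cloned domains from the article,
# the last two are invented to show the other verdicts.
SAMPLE_POSTS = [
    "Find out if you were affected: https://www.equifaxsecurity2017.com",
    "Find out if you were affected: https://securityequifax2017.com",
    "Support page (invented host): http://equifaxsecurity2017.com.example-host.net/login",
    "Press coverage: https://mashable.com/article/equifax-twitter",
]

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")


def registered_domain(host):
    """Return the last two labels of a hostname.

    Adequate for .com/.net style names; a public-suffix list would be needed
    to handle ccTLDs such as .co.uk correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host):
    """Return 'official', 'lookalike' or 'external' for a hostname."""
    host = host.lower()
    domain = registered_domain(host)
    if domain in OFFICIAL_DOMAINS:
        return "official"
    stem = domain.split(".")[0]
    # Rearranged label: 'securityequifax2017' is an anagram of 'equifaxsecurity2017'.
    official_stems = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    if any(sorted(stem) == sorted(s) for s in official_stems):
        return "lookalike"
    # Brand name anywhere in a hostname the organisation does not control,
    # including an official name used as a subdomain of a foreign domain.
    if BRAND in host:
        return "lookalike"
    return "external"


def check_post(text):
    """Return a list of (url, registered_domain, verdict) for every URL in the text."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        results.append((url, registered_domain(host), classify_host(host)))
    return results


def unsafe_to_publish(text):
    """True if any link in the draft is a lookalike; external links are only reported."""
    return any(verdict == "lookalike" for _, _, verdict in check_post(text))


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        for url, domain, verdict in check_post(post):
            print(f"{verdict:9} {domain:24} {url}")
        print("  -> BLOCK" if unsafe_to_publish(post) else "  -> ok")
```

Run stand-alone it prints a verdict per link and blocks the second and third drafts. The anagram test is deliberately narrow so it stays free of false positives; the brand-substring test is the broad net, and in a real deployment the allowlist would be the list of domains the organisation actually registered, including any defensive registrations.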
Thankfully, the maker of the spoofed site seems more interested in calling out Equifax for their incompetence than stealing the personal information of unsuspecting victims. Probably.
"Cybersecurity Incident & Important Consumer Information Which is Totally Fake, Why Did Equifax Use A Domain That's So Easily Impersonated By Phishing Sites," reads the header of the fake site.
"Equifax should have hosted this on equifax.com with a reputable [EV] SSL Certificate. Instead they chose an easily impersonated domain and used a jelly-bean SSL cert that any script kiddie can impersonate in 20min," the fake site adds.
Clicking through the links prompts a person to enter their last name and last six of their SSN, much like on the real Equifax site, but upon hitting "continue" the cloned webpage gives you a warning. "you just got bamboozled," reads a popup window. "this isnt a secure site [sic]! Tweet to @equifax to get them to change it to equifax.com before thousands of people loose [sic] their info to phishing sites!"
The fake phishing site. Credit: Mashable
It's not clear if the site captures the data entered by a tricked consumer, or if it discards it. There is no real contact information on the page, and many of the links take you to a YouTube video for Rick Astley's "Never Gonna Give You Up" — a classic internet prank known as "rickrolling." A WHOIS lookup of the domain shows it was created on September 8, but does not list the owner.
Security researcher Nick Sweeting, however, has taken credit for the site, and claims he is not stealing any of the entered data.
"[Equifax's] response to this incident leaves millions vulnerable to phishing attacks on copycat sites," reads the fake page. "This is why you don't put your security incident website on a domain that looks like a scam (with an Amazon SSL cert), no-one can tell the difference between the real thing an a phishing site."
That the aforementioned "no-one" includes whoever's running Equifax's Twitter account doesn't bode well for the company — or anyone unlucky enough to have their personal information collated in its massive and poorly secured database.
What does Equifax have to say about all this? Unfortunately, not much.
“All posts using the wrong link have been taken down," a spokesperson told Mashable via email. "To confirm, the correct website is https://www.equifaxsecurity2017.com. We apologize for the confusion.”
No word yet on whether or not Tim will be forced to apologize to all of us directly.