Equifax Screws Up Again, This Time Sending Consumers to a Spoof Breach Site

credit cards and lock on top of laptop keyboard
turk_stock_photographer/Getty Images

What else could go wrong for Equifax right now?

First, it admitted that 143 million consumers were affected by a security breach that took months to catch and patch. Then, news emerged of an earlier attack involving an Equifax payroll service getting compromised back in March.

The FBI and the Department of Justice are investigating the latter amid concerns that executives dumped their stock once the security breaches became evident.

In the midst of all this, concerned consumers are dealing with confusing rules of engagement from Equifax — and scam calls from outsiders.

The latest wrinkle in this web-security nightmare: Equifax gave out the wrong address to its breach-education website.

Reports show that Equifax representatives on Twitter directed consumers to securityEquifax2017.com on several occasions.

But the real website to see if you’re affected is Equifaxsecurity2017.com.

Whoops! But this simple mistake calls out how deep Equifax is mired in this debacle.

It’s Not a Scam, but it’s Complicated

The Verge detailed this URL mix-up and interviewed a very important player: Nick Sweeting, a developer who set up the spoof website.

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it,” Sweeting told The Verge. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”

Using Equifax.com/security2017, for instance, would associate the consumer action steps with the company and indicate the authenticity of the site.

Sweeting’s site doesn’t retain any consumer information, and Sweeting told the Verge he contacted Equifax about the challenges of its web address before customer service shared his spoof site. At the time of this writing, Sweeting’s spoof site is not available.

Equifax has removed the tweets sharing the incorrect URL.

How to Keep Your Information Safe

Is your head swimming with all this information about the Equifax breach? Take a deep breath: You really only need to remember these steps.

1. Visit Equifaxsecurity2017.com to find out if your information was compromised. Equifax offers free credit monitoring to those whose personal information has been exposed. If you don’t want to hang out with Equifax any more than you have to, there are other options — most of which have free versions that can catch major issues.

2. Don’t give information to anyone who contacts you about the breach. Equifax noted it will send snail mail to people whose credit card numbers were exposed. If you receive communication from someone claiming to be from Equifax, report it to the Federal Trade Commission.

3. If you suspect the worst or know that your identity has been compromised in the breach, visit identitytheft.gov for support reporting the crime and recovering your data.

How has the Equifax data breach affected you? Share your story with us. Email [email protected]

Lisa Rowan is a writer and producer at The Penny Hoarder.