The Equifax breach, as we now all know, is completely terrible: Roughly 143 million customers in the U.S. had their personal data compromised. Concerned consumers are, naturally, looking for information — but fake sites or scams are everywhere.
The real site that Equifax is hosting for running updates on the data breach is EquifaxSecurity2017.com. Those three terms, in that order.
It’s important to note that — because clones, trying to get you to hand over even more personal data to would-be scammers, abound. A list of fake Equifax breach sites shared on Pastebin currently has more than 1,000 entries, including every typo and letter variation you can think of.
Unfortunately, even Equifax has gotten confused by the proliferation of fakes.
Equifax deleted the Tweet several hours after users noticed the error, but an archived version still exists.
Luckily, the variant Equifax was mistakenly Tweeting out isn’t an actual phishing site; it’s an attempt by a web developer to call attention to the fact that Equifax made a monumentally bad decision by launching an insecure, easily spoofed site to begin with.
Phishing scams — attacks that gather your personal data by pretending to be from a legitimate source — have popped up all over in the wake of the Equifax breach.
Our colleagues at Consumer Reports have created a guide outlining how you can best protect yourself if Equifax lost all your sensitive data. And the Federal Trade Commission and the New York Attorney General’s office have shared tips to help consumers avoid falling for an Equifax-related scam.