Looking up trouble: The Equifax data breach and search engine poisoning
Hackers are still leveraging the massive Equifax data breach to trick users, two years after the initial intrusion. While the breach itself leaked the personal information of 147 million Americans, the way Equifax responded to the incident has made it easy for hackers to target affected users who were simply trying to protect themselves. Equifax has faced a serious problem with hackers creating fake versions of its websites to collect personal information. These fake websites were distributed through phishing emails, shared over social media, and pushed to the top of search engine results through a tactic called search engine poisoning.
Search engine poisoning is the practice of creating a malicious website and using search engine optimization tactics to make it appear more prominently in search results. When looking for a specific website, many users type a few keywords into the browser's address bar and rely on a search engine to take them to the right site. This habit allows hackers to target those keywords and make their phishing website one of the top results. The effect can trickle down, as the phishing URL is then shared throughout social media and in online news articles.
When Equifax launched the website for users to check whether or not they were affected by the data breach, equifaxsecurity2017.com, cybersecurity professionals quickly pointed out that a solution not hosted on Equifax.com would lead to copycat websites looking to exploit users. To prove a point, Nick Sweeting, a software engineer, created securityequifax2017.com which mimicked the layout of the official offering, but changed the text to ask “Why Did Equifax Use A Domain That’s So Easily Impersonated By Phishing Sites?”
Securityequifax2017.com was shared through social media and quickly rose in search engine rankings so users looking to check if they were affected by the Equifax breach would wind up there instead of the official site. By the time securityequifax2017.com was taken offline, it had already gotten 200,000 individual web visits and the official Equifax Twitter account had linked to it three times. While securityequifax2017.com wasn’t malicious and didn’t collect user input, real phishing websites did take advantage of Equifax’s poor domain choice.
Blackhat copycat, again
Recently, Equifax has settled a class action lawsuit that gives those affected the ability to file a claim. The official website, Equifaxbreachsettlement.com, shares the same problems as equifaxsecurity2017.com; it’s not hosted on Equifax.com, making it easily impersonated by phishing websites. If you are entitled to a claim, make sure you use the official website and aren’t tricked into submitting your information to a phishing scam. Using a search engine to find a link to the official site may prove dangerous in the next few weeks, as scammers will try to take advantage of the optimization of those engines to phish for personal information.
Search engine poisoning and phishing websites try to be as relevant as possible – they look at incidents in the news, popular movie releases, holidays, and important financial deadlines to craft a website to fool users. These websites can look exactly the same as the official sites, even down to the use of encryption, the only change being the website URL. Make sure that whenever you enter personal information or log into an account, you check the URL to make sure it's legitimate. The best practice is to type in a trusted website and navigate to the pages you need from there. A password manager can make this easier: because it matches saved credentials to the site's real domain, it won't recognize the fake URL and won't fill in your credentials there.
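To make the URL check concrete, here is an added example (not code from the original article or from Equifax) that applies the same rule a password manager uses before autofilling: a site is only treated as official if its registrable domain is one the user has explicitly trusted. It also flags domains that merely contain the brand name, which is the pattern behind equifaxsecurity2017.com, securityequifax2017.com and the lookalikes described above. The trusted-domain list, the brand token list and the sample URLs are constructed for illustration; the two-label registrable-domain rule is a simplifying assumption that does not handle multi-label public suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Constructed trust list: registrable domains the user has verified (assumption).
TRUSTED_DOMAINS = {"equifax.com"}
# Constructed brand tokens used to spot lookalike hosts (assumption).
BRAND_TOKENS = ("equifax",)


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'www.equifax.com' -> 'equifax.com'.

    Simplifying assumption: every public suffix is a single label. A real
    implementation would consult the Public Suffix List to handle e.g. 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str, trusted=TRUSTED_DOMAINS, brand_tokens=BRAND_TOKENS) -> str:
    """Classify a URL as 'official', 'lookalike' or 'unrelated'.

    - official:  registrable domain is in the trusted set
    - lookalike: hostname contains a brand token but is NOT a trusted domain
                 (covers both 'brandword2017.com' and 'brand.com.evil.test')
    - unrelated: neither
    """
    # urlsplit needs a scheme to parse the host; bare hostnames get one added.
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = parts.hostname or ""
    if registrable_domain(host) in trusted:
        return "official"
    if any(token in host for token in brand_tokens):
        return "lookalike"
    return "unrelated"


def autofill_allowed(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """The password-manager decision: fill credentials only on a trusted registrable domain."""
    return classify_url(url, trusted) == "official"


if __name__ == "__main__":
    # Constructed sample URLs; the '.test' host is a placeholder, not a real site.
    samples = [
        "https://www.equifax.com/personal/",
        "https://securityequifax2017.com",
        "http://equifax.com.login-example.test/",
        "https://equifaxbreachsettlement.com/",
        "https://example.org",
    ]
    for u in samples:
        print(f"{u:45} {classify_url(u):10} autofill={autofill_allowed(u)}")
```

Note that equifaxbreachsettlement.com is flagged as a lookalike by this rule even though the article identifies it as the official claims site: that is exactly the problem the author raises with hosting off Equifax.com, since a user's tooling has no way to distinguish it from an impersonator without out-of-band verification.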
You are the first line of defense when it comes to protecting yourself, your personal information, or your company's assets from cyberattacks. By remaining vigilant and staying informed, we can all reduce the risk of cyberattacks.