There have been quite a few mainstream media articles discussing how Equifax accidentally promoted an incorrect domain name for its recently activated security website, which was launched following a severe data breach. Apparently, someone created a look alike Equifax domain name, and the company (mistakenly) tweeted out that link instead of the authentic link.
Shortly after reading about the security breach in early September, I looked at Verisign’s DomainScope tool and saw that many Equifax domain names were just registered. I thought that this could be a concern for the company as well as the people seeking information from Equifax. Since my article was published, many other domain names were registered with Equifax or related terms within the domain name.
A couple of days ago, Daniel Negari tweeted that Equifax should have registered and used Equifax.Security instead of its reactively launched breach website, EquifaxSecurity2017.com:
— DanielNegari (@DanielNegari) September 20, 2017
Daniel’s company operates the .Security new gTLD extension, so had this happened, the publicity would have benefitted his company.
Does Daniel have a point with his tweet? It would have been much more difficult for cybersquatters to register similar .Security domain names because of the cost. For instance, GoDaddy is selling .Security domain names (such as Equifax.Security) for $2,399.99. If people paid attention to the right of the dot and understand to look for the .Security extension, it surely would have made it more difficult for bad actors to replicate. Had Equifax operated the .Equifax extension (the company did not apply for the extension), it would have also made it more challenging to replicate since nobody else would have a .Equifax domain name.
On the other hand, I think many consumers would be confused by seeing a .Security domain name. In fact, having a .Security domain name instead of a .com domain name may have caused an even greater outcry because of the potential for confusion. Bad actors could still register the same types of names as they can now and likely have the same level of success confusing consumers.
I am curious if you think Equifax would have benefitted from buying and using the Equifax.Security domain name instead of EquifaxSecurity2017.com. Personally, I think they should have gone with something like Equifax.com/security with a big banner on its homepage. They also should have registered thousands of potentially confusing domain names.