There have been quite a few mainstream media articles discussing how Equifax accidentally promoted an incorrect domain name for its recently activated security website, which was launched following a severe data breach. Apparently, someone created a look alike Equifax domain name, and the company (mistakenly) tweeted out that link instead of the authentic link.
Shortly after reading about the security breach in early September, I looked at Verisign’s DomainScope tool and saw that many Equifax domain names were just registered. I thought that this could be a concern for the company as well as the people seeking information from Equifax. Since my article was published, many other domain names were registered with Equifax or related terms within the domain name.
A couple of days ago, Daniel Negari tweeted that Equifax should have registered and used Equifax.Security instead of its reactively launched breach website, EquifaxSecurity2017.com:
Should use https://t.co/txxwng3dw1 $4,000 a yr is a higher barrier to entry @security
— DanielNegari (@DanielNegari) September 20, 2017
Daniel’s company operates the .Security new gTLD extension, so had this happened, the publicity would have benefitted his company.
Does Daniel have a point with his tweet? It would have been much more difficult for cybersquatters to register similar .Security domain names because of the cost. For instance, GoDaddy is selling .Security domain names (such as Equifax.Security) for $2,399.99. If people paid attention to the right of the dot and understand to look for the .Security extension, it surely would have made it more difficult for bad actors to replicate. Had Equifax operated the .Equifax extension (the company did not apply for the extension), it would have also made it more challenging to replicate since nobody else would have a .Equifax domain name.
On the other hand, I think many consumers would be confused by seeing a .Security domain name. In fact, having a .Security domain name instead of a .com domain name may have caused an even greater outcry because of the potential for confusion. Bad actors could still register the same types of names as they can now and likely have the same level of success confusing consumers.
I am curious if you think Equifax would have benefitted from buying and using the Equifax.Security domain name instead of EquifaxSecurity2017.com. Personally, I think they should have gone with something like Equifax.com/security with a big banner on its homepage. They also should have registered thousands of potentially confusing domain names.
I don’t believe any particular domain would be better than any other. What is important is for the domain to belong to Equifax. I checked whois on all the links.
Per Equity.security — how is a globally recognized trademark Equifax available to register on GoDaddy? as in Equifax.Security, or any other extension. I understand variations E……2017.com, etc as the former CIO had to create a quick site and try to get consumers to waive their rights to litigation
The key C-staff in security and tech all have been fired.
My info was compromised and I had to close accounts. I have outstanding counsel.
They should have used security.equifax.com or some other subdomain variation utilizing their existing trusted SLD. Using a new domain name just encourages spoofs and overlooks the inherent trust factor in their own existing domain. It is clear to me from the comedy of errors Equifax has created with this series of events and missteps that this company doesn’t deserve anyone’s trust. I think pathetic.equifax.com would be their best option.
They definitely should NOT have gotten a .security.
The renewal cost is the same as the registration cost.
even jibrishwtf.secruity cost more than $2K for registering and renewal….LOL
They need to get their cat together and fix their renewal prices to something much more normal…
Just opens up more opportunity for someone to register Equifax.secure as soon as it becomes available. .secure domains are pending release. If Equifax.security exists, Equifax.secure or Equifax.safe is that much more convincing. As you mentioned, I think Equifax.com/security/ is the most realistic and trustworthy place to be.
Should they have gone with an extension no one has heard about for thousands a year? No.
You get to vote which one you deserve 🙂
Note: you only get to pick one 🙂