Wait, what is the real link?

ceejayoz · on Sept 20, 2017

https://www.equifaxsecurity2017.com/

Pretty much the only way to verify that's the right site is the fact that Equifax.com links to it, although this tweet indicates even that isn't necessarily a reason to trust it.

Why it's not a subdomain of Equifax.com is completely beyond me.

(Even better, the eligibility / credit monitoring signup takes you to another domain, https://trustedidpremier.com/)

jwilk · on Sept 20, 2017

You can tell this is the legit site, because there's "O = Equifax Inc" in the certificate subject.

Haha, just kidding, their certificate is DV.

jdavis703 · on Sept 20, 2017

The certificate lists the registered organization as "GeoTrust Inc." Shouldn't it be registered to "Equifax Inc?" I'm not sure what other services (such as web hosting) GeoTrust might also offer, but I wouldn't trust this website actually belongs to Equifax.

ceejayoz · on Sept 21, 2017

That's the SSL vendor (and a prominent one). You'll find Amazon's cert comes from Symantec, for example.

jdavis703 · on Sept 21, 2017

Yes, but my understanding is the organization name is supposed to be the entity you're doing business with. How else do you know that the owner of that domain is who the webpage claims they are if the organization and SSL vendor are the same? I'm not doing business with GeoTrust, it's with Equifax.

scarmig · on Sept 20, 2017

Careful, the two links posted below are people screwing with you to prove a point. The real link is http://www.equifaxsecuritybreach2017.com

You know it's real because it's http.

devillius · on Sept 20, 2017

Are you sure it's not https://www.equifaxbreach2017.com

/s