The Risk of Knock-Off Domain Names

Earlier this month millions of American got the unpleasant news that their financial information had been or had possibly stolen in the Equifax breach.

Consumers worried that their information may have been compromised were sent to a website with the domain name to check if their information had indeed gotten stolen and if it had, a sign up for a free one-year subscription for its credit monitoring service.

The only problem is that this website was not the real, authorized Equifax site, but a knock-off.

Millions of scared, and anxious consumers who were frantically trying to halt further damage to their now exposed financial information were sent to a bogus website where they had to provide additional sensitive personal information.

Consumers were not just burned once, but twice.

What did Equifax do? How was this company hacked and taken advantage of twice?

The knock-off domain name received so much immediate traffic that many Equifax employees thought it was a legitimate website.

The fake website URL was even shared on Equifax’s social media.

This bogus domain name, however, was not the result of a malicious attack, but was whether an experiment by a data security researcher.

The researcher wanted to prove how easy it is for hackers to capitalize on people’s confusion, especially that of millions of people.

The fact that it had Equifax in the domain name, consumers and Equifax employees bought into the idea that it led to an authorized Equifax page.

The fake domain was not spotted many hours later for issues relating to the page’s hosting properties including:  WordPress stock installation (which isn’t secure enough to ask for people’s personal information), a poor performing TLS and the suspicious sounding URL, or domain name.

Once Equifax got word of the fake domain name, they deleted all references to the site on social media posts and instead posted the correct URL to the proper page,

It was interesting that Equifax did not take the route of hosting the complimentary credit monitoring page on the domain. If it had, the employees would likely not have been fooled into sharing the wrong domain name.


Identity thieves and hackers can easily capitalize on the type of mass confusion that resulted in the Equifax security breach.

Many of the millions whose personal financial information quickly and willingly divulged passwords and private, personal information without a thought on a made-up website that could have been created by tricky hackers and identity thieves and which could have installed computer-crippling malware.

As the debacle with Equifax shows, it is easy for scammers to copy the look and feel of a reputable, big company such as a bank or credit bureau, which in turn tricks consumers into thinking they are visiting the site of a company they know and trust, not a malicious one.

What you choose as a domain name matters. Large, well-known companies are better off buying multiple, related domains to help stem the possibility of the abuse of their website and brand name.

Domain names are also powerful in that many people will gladly go to a website with a company they know, love and trust listed in the domain name.

If you’re starting out on publishing a website for your company and still need a domain name, don’t hesitate to register one (after you decide on what it is). The longer one waits to buy a domain and the fewer one registers, the higher the chances are of someone with malicious intent will take advantage of your site.

If you’ve decided on a domain name, visit Domain Market and browse the wide selection of premium domain names. Feel free to contact us as well if you have any questions about domain names or the domain name registration process.

Leave a Comment