USA TODAY

SAN FRANCISCO — Instead of finding answers from Equifax’s website about whether or not they were affected by a huge data hack, nervous Americans found that solutions proposed on the credit reporting company’s website and on a helpline raised unnerving questions.

First, the main Equifax.com site was overloaded and intermittently unavailable over the course of Friday, a day after the breach was announced. Would-be users only received the unhelpful message that the server was busy and they should try back after a few minutes.

Next, users who did get through were sent to equifaxsecurity2017.com. Clicking through from there took them to an entirely different URL, trustedidpremier.com.

Being routed to a different domain is a classic technique used by phishing scams. 

It’s especially concerning because, as of Friday afternoon, scammers had registered at least 194 web addresses designed to lure the unwary into giving up their information. Those addresses included the kinds of misspellings that people easily make when typing:

equifaxsmcurity2017.com

equifaxsocurity2017.com

equifaxsrcurity2017.com

In this case, however, Equifax had registered a separate internet domain to handle inquiries about the cyberattack, so the site was legitimate.
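As an added illustration (not part of the original article and not Equifax's code), the Python sketch below shows how a defender could tell the two legitimate domains named above apart from one-letter misspellings like the three listed. The allowlist contents, the distance threshold of 2 and the function names are assumptions made for the example, and it expects a bare registrable domain as input.

```python
from typing import Optional, Tuple

# Assumption: the allowlist holds the two domains the article says Equifax used.
ALLOWLIST = {"equifaxsecurity2017.com", "trustedidpremier.com"}
MAX_DISTANCE = 2  # assumed threshold for "looks like a typo of a trusted name"

# The three misspelled addresses quoted in the article.
ARTICLE_LOOKALIKES = [
    "equifaxsmcurity2017.com",
    "equifaxsocurity2017.com",
    "equifaxsrcurity2017.com",
]


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Swapped neighbouring letters count as a single typo.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(host: str) -> Tuple[str, Optional[str]]:
    """Return ("trusted", name), ("lookalike", nearest trusted name) or
    ("unknown", None) for a bare domain name."""
    host = host.strip().lower().rstrip(".")
    if host in ALLOWLIST:
        return ("trusted", host)
    nearest = min(ALLOWLIST, key=lambda good: edit_distance(host, good))
    if edit_distance(host, nearest) <= MAX_DISTANCE:
        return ("lookalike", nearest)
    return ("unknown", None)


if __name__ == "__main__":
    for name in ARTICLE_LOOKALIKES + ["trustedidpremier.com"]:
        print(name, classify(name))
```

Note that trustedidpremier.com is accepted only because it is on the allowlist: nothing in its spelling ties it to Equifax, which is why an unannounced hand-off to a second domain is indistinguishable from a phishing redirect to anyone who does not already know the name.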

Users who clicked through were told to enter their last name and the final six digits of their nine-digit Social Security numbers. The site would then tell them whether their personal information was compromised.

The six-digit requirement was surprising to many security experts. In fact, some browsers interpreted the request as a potential phishing scam and notified their users to avoid clicking on the link.

“Never give anyone the last 4 digits of your SSN, let alone the last 6,” advised Travis Mills, president of LibertyID, an identity theft information company. “Do not go onto Equifax.com to give them any more information. They have been compromised and should no longer be trusted.”

Equifax has determined that six digits is the minimum number needed to figure out whether an individual may have been impacted, it said in a statement to USA TODAY.

While Americans have become used to giving out the last four digits of their Social Security numbers to activate credit cards or confirm their identity with…