Equifax support team sent breach victims to fake website

Equifax can't seem to get it right.

The credit bureau has been sending victims of its massive data breach to a fake website with an address similar to the one it created to help victims, it admitted on Thursday.

After Equifax revealed that its computer systems had been hacked and the personal data of 143 million Americans had been exposed, the company set up a website, equifaxsecurity2017.com, to help consumers check whether their data was part of the breach.

Directing consumers to this site, as opposed to a page on its standard equifax.com domain, raised red flags because it increased the chances that consumers hunting for, or lured to, a security breach site would wind up on a malicious site with a similar address. To prove this point, developer Nick Sweeting created a website, securityequifax2017.com, a simple inversion of the first two words. Equifax’s own support team then directed customers to that URL via Twitter, The Verge reports.

“It makes it ridiculously easy for scammers to come and build clones – they can buy up dozens of domains, and typo-squat to get people to type in their information,” Sweeting told tech publications.

Not only that, but the equifaxsecurity2017 site then sent visitors to a completely different URL to see if they were potentially affected by the breach. This URL, trustedidpremier.com, was real but confused and concerned many because it was an external address.

Consumers are particularly vulnerable to deception and information theft following news of a big data breach. Criminals use this opportunity to send phishing emails and other electronic overtures disguised as legitimate help to steal information.

In a statement to USA TODAY, Equifax said all tweets with the wrong link to the website had been deleted, and it apologised to customers. “Consumers should be aware of fake websites allegedly operated by Equifax,” it said.

Equifax’s legitimate website was marred by problems from the start, with users complaining the site was unable to confirm whether they were affected by the breach. The site’s request for six digits of their Social Security number also raised security concerns, and the site was flagged by some web browsers as a possible phishing scam.

The day after the hack and the launch of the aid site, scammers created 194 phishing sites with addresses similar to equifaxsecurity2017.com.


Follow Brett Molina on Twitter: @brettmolina23.
