Remember the Great Equifax Hack back in Sept 2017? Equifax came under a lot of fire for the way they handled the breach, and one of their mistakes was using the custom domain for “customers” to check whether their personal information had been compromised. Shortly after the breach, several other lookalike domains were registered including In fact, the custom domain was so confusing that Equifax themselves directed people to the incorrect site via tweets on Twitter.

Two years later, it seems that large enterprises still don’t understand why this is a problem. TD Bank is Canada’s second-largest bank, and yet they have repeated this mistake with their rewards program at and with their travel booking site ExpediaForTD. These should be and respectively. Why? Because only TD can create sites and issue certificates on the domain.

And that’s just good security.
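
As an added illustration (not part of the original post), here is a small Python check that a communications or security team could run over outbound messages to flag links whose host is not under the organisation's own domain. The domain `corp.example`, the function names and the sample messages are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the organisation's own registered domain.
OFFICIAL_DOMAIN = "corp.example"

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def is_under(host, parent=OFFICIAL_DOMAIN):
    """True only if host is the parent domain or a subdomain of it."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    try:
        # Compare in ASCII (punycode) form so Unicode hosts are normalised.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    parent = parent.lower()
    # Match on a label boundary: "notcorp.example" must not pass.
    return host == parent or host.endswith("." + parent)


def off_domain_links(message, parent=OFFICIAL_DOMAIN):
    """Return the URLs in a message whose host is outside the parent domain."""
    flagged = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;:!?")  # sentence punctuation is not part of the link
        try:
            host = urlsplit(url).hostname  # ignores any "user@" prefix
        except ValueError:
            host = None  # unparseable URLs are flagged for review
        if not is_under(host, parent):
            flagged.append(url)
    return flagged


# Constructed sample messages (reserved .example / .test names only).
SAMPLES = [
    "Check your status at https://status.corp.example/check.",
    "Check your status at https://corp-example-status.test/ today",
    "Rewards: https://corp.example.rewards-login.test/login",
    "Rewards: https://corp.example@corp-rewards.test/login",
    "Travel: https://notcorp.example/book",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(off_domain_links(msg) or "ok", "<-", msg)
```

Only the first sample passes: the others put the official name in a different registered domain, in the userinfo part of the URL, or in a name that merely ends with the same characters.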