(FYI mods this is a repost of my original submission: https://news.ycombinator.com/item?id=15294218)

Ideally Equifax will listen and either move it to equifax.com, or take down the site altogether. Since the real version seems to be answering randomly, they may as well just shut the whole thing down.

But seeing as they're a massive, bumbling, bureaucratic organization, there's probably a non-zero change they'll try to sue me instead.

If there are any lawyers here, am I in potential legal hot water for making this site?

I am not a lawyer. I would strongly advise you to instead make it so obvious that the site is a lampoon. As in, when they enter, you respond with "This site is a mockery of Equifax. If you were lead here by Equifax or any affiliate, you are at the wrong site. I'm sorry, I can't help you. I can reinforce that if your information was compromised, more people may be attempting you use this to phish additional people."

Try entering some fake data into the form and hitting "Continue", I put a pretty clear message there, but I guess I can also put it elsewhere.

Devil's advocate: how does anyone know you're not actually phishing with this site?

You can watch the network using the network tab in devtools. No data is sent on the form's page.