You may have seen Web sites or received unsolicited email offering credit reports, sometimes for free. Be aware that some of these online operators may not actually provide credit reports, but may be using these sites as a way to capture your personal information. From there, they may sell your information to others who may use it commit fraud, including identity theft.
This is a variation on “phishing,” also called “carding,” a high-tech scam that uses spam or fraudulent Web sites to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information.
The Federal Trade Commission (FTC), the nation’s consumer protection agency, urges you to take the following precautions when visiting sites or responding to email that offer credit reports:
- If you get an email offering a credit report, don’t reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
- Be skeptical of unsolicited email offering credit reports. Keep an eye out for email from an atypical address, like XYZ123@website.net, or an email address ending in a top level domain other than .com, like .ru or .de.
- Check whether the company has a working telephone number and legitimate address. You can check addresses at Web sites like www.switchboard.com, and phone numbers through reverse lookup search engines like www.anywho.com
- Check for misspellings and grammatical errors. Silly mistakes and sloppy copy – for example, an area code that doesn’t match an address – often are giveaways that the site is a scam. Look at the company’s Web address: is it a real company’s address or it is a misspelled version of a legitimate company’s Web address?
- Check to see whether the email address matches the Web site address. That is, when you enter the company’s Web address into the browser, does it go to the sender’s site or re-direct you to a different Web address? If it re-directs you, that’s a red flag that you should cease the transaction.
- Find out who owns the Web site by using a “Who is” search such as the search at www.networksolutions.com.
- Exit from any Web site that asks for unnecessary personal information, like a Personal Identification Number (PIN) for your bank account, the three-digit code on the back of your credit card, or your passport number and issuing country. Legitimate sites don’t ask for this information.
- All legitimate sites will want to verify who you are, and will respond to an electronic request for a credit report by asking you for an additional piece of information. If a site does not ask a follow-up question, the site is almost certainly a fake.
- Use only secure Web sites. Look for the “lock” icon on the browser’s status bar, and the phrase “https” in the URL address for a Web site, to be sure your information is secure during transmission. All real sites are secure.
- Watch your mailbox and credit card statements: If you’ve responded to a bogus site, you may never receive the credit report they offered for free. If you paid one of these sites for a credit report, your credit card may never be charged. If you find that you have unauthorized charges, contact your financial institutions and credit card issuers immediately.
- Report suspicious activity to the FTC and the U.S. Secret Service. Send the actual spam to the Los Angeles Electronic Crimes Task Force at LA.ECTF.email@example.com and to the FTC at firstname.lastname@example.org. If you believe you’ve been scammed, file your complaint at www.ftc.gov.