Call Don’t Click: Discussion of Findings

Report home | Read the report (PDF) | Previous section | Next section


The report findings are divided into two sections: findings on fraudulent domains, and findings relating directly to the actual site.

Findings on Fraudulent, deceptive, or misspelled domains

To date, 96 known misspelled domains are registered; [9] 28 of these domains belong to Experian, 68 of these domains belong to other individuals who are exploiting the misspellings with deceptive “pretender” domains and pay per click marketing schemes that lead consumers to for-pay services at Experian and other credit services such as “MyFico” at FairIsaac. Of the total number of typo domains, 50 are currently online and some of these domains are highly deceptive. Of the 50 active imposter domains, there are two primary methods by which consumers are misled.

A. The active imposter domains may incorrectly claim to be on their home pages.

B. Some of the domains may correctly label their home pages, but then incorrectly include deceptive domain forwarding information within their source code. This deceptive information incorrectly identifies the domain to a search engine, or a credit bureau, or other ad partner or affiliate.

In the graphic below (Figure 1) , is an example of an imposter domain. Here, is claiming on its home page to be, and boasting that it is “Your Access to Free Credit Reports.”

Figure 1. An imposter domain. Note the misspelling of the URL in the address bar.


Misspelled domains owned by Experian

Experian purchased at least 28 domains on July 27, 2004. [10] Each domain is comprised of a close misspelling of, the official free credit report site.

The Experian-owned misspelled domains are:

The Experian domains have name servers of This is important, because even though these domains were registered to GoDaddy via Domains by Proxy, nameservers are unlikely to lie. is an Experian company, and is an active domain. Its nameservers are ns03/ns04, the same as the domains above., a domain receiving numerous “pay per click” flows from the parked domains mentioned in this report, is also registered to, and uses the ns03/ns04 consumerinfo name servers.

As of the report date, the 28 Experian domain names listed above did not have active Web sites.

Misspelled Domains Owned by Other Companies

Researchers found 68 misspelled domains owned by a variety of companies and individuals. The total known number of the misspelled domains known to be owned or hosted by pay per click companies is 68. Fifty of the domains are live, 18 have been taken out but were not online as of the time of writing. [11]

During research for this report, a number of the domains changed status. For example, one domain that was live in December still exists, but has been taken offline. Other domains that were not online now are.

There is a high possibility that more misspelled domains already exist, or will be taken out in the future. There is also the possibility that the live and non-live domains will continue to shift.

50 “live” imposter domains:


 18 purchased imposter domains not currently online:

Other Problematic Domains to be aware of:

The domain is associated with pay-per-click schemes and sends consumers to various for-pay services. It is included here because the site also uses the name deceptively. is a domain owned by the three credit bureaus, not by

How the Owners of the Misspelled Domains are Making Money on Consumer Confusion

The deceptive and misspelled domains that are hosted at or owned by “pay per click” companies are highly problematic on a number of levels.

First, the misspelled sites are sending consumers to for-pay services at the credit reporting bureaus, and the owners of the misspelled imposter sites are getting paid to do this. They are getting paid because someone somewhere paid for a keyword or Internet marketing campaign. There is a possibility that the credit bureaus themselves are paying the misspelled sites or their partners because the imposter sites or their partners have joined one or more of the credit bureaus’ “affiliate” programs. [12]

What is most troubling is that the keyword phrase “free online credit report” is being used to target and send consumers to for-pay services at Experian and other sites instead of to the federally mandated free credit report site,

How the scheme works: the specifics

This is a simplified explanation of what is happening to consumers. For more details and examples of how the source code looks and operates, please see Appendix A.

1. An individual types in official domain name with a misspelling. In this example the typo domain is

2. The domain name is parked at or managed by a “pay per click” domain company, in this example, the Web site is parked at

3. The home page contains links to Free Credit Reports and similar topics. (PDF of home page).

4. Consumers who click on the “Free Credit Report Online” links will be taken to a page of “sponsored links.” The four sponsored links on the site in this example are “Free Credit Report Now,” Instant Credit Report, Online Credit Report, and Free Credit Report. (PDF of Sponsored Links page).

5. After clicking one of these sponsored links, individuals will be redirected through a series of Web sites. This will happen so quickly that most will never see the information flashing across the address bar. For example, say a consumer clicks on the sponsored link “Free Credit Report.” In this example, that link will take the consumer first to then to, then finally, the consumer will land on an Equifax credit bureau site that lets consumers check their credit — for a fee. All of this redirection will happen in the blink of an eye and will not be obvious to most consumers.

(PDF of ConsumerInfo via Qspace, arrived at via clicking on the imposter site link).

The reason this redirection happens is so that keywords or search terms can be passed along to advertising partners. This ensures that everyone in the chain gets a commission from the click. Meanwhile, gets customers. And the owner of the domain gets a potential financial payout from the click-through.

Everyone makes money or gets a benefit, except for the consumer who did not make it to the real site.

For the record, the imposter site in this example had four “sponsored links” leading to the following sites:

Specific Pay Per Click Companies Involved in misspellings

As previously stated, 68 of the 96 misspelled domains are registered to or somehow connected to pay-per-click companies. These companies specialize in creating hundreds and sometimes thousands of domains for the sole purpose of making money from keyword or search engine ad sales. Usually the only way these imposter sites make money in the context of the misspelled domains is when an individual misspells a domain and clicks all the way through to a final destination page, which in some cases only takes two or three exploratory clicks.

Many of the imposter domains are redirected by DomainSponsor, [13] a “pay per click” domain parking engine. This is revealed by the name servers of nsproredirect1/nsproredirect2, which are the well-known name servers Domain Sponsor allows domain parkers to use. [14] The domains parked at Domain Sponsor make extensive use of iFrames to disguise what is happening to consumers.

Imposter domains that were “live” at the time of writing were hosted by the following companies on the following name servers:




Budget Names

Domain Hop

Note: One misspelled domain that was live in December 2004 was hosted by Fabulous at name servers, however, this domain was taken down and no other Fabulous hosted domains were found.

Consumers who mistype in and land at one of these active imposter domains will be besieged by pop-ups, pop-unders, and persistent advertisement windows. [15] Researchers documented pop-up advertisements for Phoenix University, virus scanning software, a host of “free” items, and credit report advertisements.

Consumers who land on these domains should simply close their browsers and start over, or simply call the toll free number for their credit report.

Finally, some of these pay per click companies also own or are affiliated with search engine sites. For example, DomainSponsor is affiliated with in turn collects all of the information flowing into its site from the imposter domains and makes money by selling or sharing the information. [16]

(PDF of privacy policy.)

Based on the WHOIS registry information and information on and DomainSponsor, it is possible to go one step further. is registered by, and is also registered by states on its Web site that it is an company. It appears that uses its apparent DomainSponsor product to set up imposter domains and feeds the keywords and ad campaigns into its own search engine.






[9] For date, nameserver, and registration details on each of the registered domans, see Appendix B.

[10] This figure was determined by conducting DiG lookups and checking WHOIS registry information for the domains and then comparing the domain nameserver information with nameservers used to host other known Experian domains.

[11] Last check of the live domain names was conducted on February 21, 2005.

[12] For general information about how affiliate sharing can work, Wired Magazine has a good article on this subject. Wired, “Shady Web of Affiliate Marketing,” Feb. 10, 2005, Ryan Singel. See<,1848,66556,00.html >.

[13] <>

[14] A confirmation of this is the DiG lookup of name servers are and is the parent company for DomainSponsor.

[15] DomainSponsor, in its FAQ page, discusses the benefits of using pop-ups at sites parked at its service. See <>.

[16] may make additional revenue from the incoming data, beyond affiliate marketing. This is hinted at in the privacy policy, which states: “Individual customers who reside in California and have provided their personal information to us may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes.” See: <> Last visited February 24, 2005.



Roadmap: Call, Don’t Click – Why it’s smarter to order federally mandated free credit reports via telephone, not the Internet:  Discussion of Findings


Report home | Read the report (PDF) | Previous section | Next section