Call Don’t Click: Discussion of Findings

Report home | Read the report (PDF) | Previous section | Next section

 

The report findings are divided into two sections: findings on fraudulent domains, and findings relating directly to the actual annualcreditreport.com site.

Findings on Fraudulent, deceptive, or misspelled domains

To date, 96 known misspelled domains are registered; [9] 28 of these domains belong to Experian, 68 of these domains belong to other individuals who are exploiting the misspellings with deceptive “pretender” domains and pay per click marketing schemes that lead consumers to for-pay services at Experian and other credit services such as “MyFico” at FairIsaac. Of the total number of typo domains, 50 are currently online and some of these domains are highly deceptive. Of the 50 active imposter domains, there are two primary methods by which consumers are misled.

A. The active imposter domains may incorrectly claim to be annualcreditreport.com on their home pages.

B. Some of the domains may correctly label their home pages, but then incorrectly include deceptive domain forwarding information within their source code. This deceptive information incorrectly identifies the domain to a search engine, or a credit bureau, or other ad partner or affiliate.

In the graphic below (Figure 1) , is an example of an imposter domain. Here, annualceditreport.com is claiming on its home page to be annualcreditreport.com, and boasting that it is “Your Access to Free Credit Reports.”

Figure 1. An imposter domain. Note the misspelling of the URL in the address bar.

 

Misspelled domains owned by Experian

Experian purchased at least 28 domains on July 27, 2004. [10] Each domain is comprised of a close misspelling of annualcreditreport.com, the official free credit report site.

The Experian-owned misspelled domains are:

annualcreditrepot.com

annualreditreport.com

annualcredreport.com

annualcreditraport.com

annulcreditreport.com

annualcredtreport.com

annualcredtreport.com

annualcrditreport.com

annualcreditreporrt.com

annuallcreditreport.com

anuelcreditreport.com

annuelcreditreport.com

ennualcreditreport.com

ammualcreditreport.com

anyualcreditreport.com

annualcraditreport.com

annualcredatreport.com

annualcreditteport.com

annualcreditriport.com

annualcreditrepart.com

annualkreditreport.com

annualcredittreport.com

annualcreditreeport.com

annualcreditreportt.com

annualvreditreport.com

annualcredittreport.com

annualcreditrreport.com

annualcreditreeport.com

The Experian domains have name servers of ns03consumerinfo.com/ns04 consumerinfo.com. This is important, because even though these domains were registered to GoDaddy via Domains by Proxy, nameservers are unlikely to lie.

ConsumerInfo.com is an Experian company, and is an active domain. Its nameservers are ns03/ns04 consumerinfo.com, the same as the domains above.

Qspace.com, a domain receiving numerous “pay per click” flows from the parked domains mentioned in this report, is also registered to ConsumerInfo.com, and uses the ns03/ns04 consumerinfo name servers.

As of the report date, the 28 Experian domain names listed above did not have active Web sites.

Misspelled Domains Owned by Other Companies

Researchers found 68 misspelled domains owned by a variety of companies and individuals. The total known number of the misspelled domains known to be owned or hosted by pay per click companies is 68. Fifty of the domains are live, 18 have been taken out but were not online as of the time of writing. [11]

During research for this report, a number of the domains changed status. For example, one domain that was live in December still exists, but has been taken offline. Other domains that were not online now are.

There is a high possibility that more misspelled domains already exist, or will be taken out in the future. There is also the possibility that the live and non-live domains will continue to shift.

50 “live” imposter domains:

anulecreditreport.com

anualecreditreport.com

annualecreditreport.com

annuallecreditreport.com

anuallecreditreport.com

annuslcreditreport.com

annuolcreditreport.com

annialcreditreport.com

anialcreditreport.com

annualxreditreport.com

annualcteditreport.com

annualcteditreport.com

annualcrefitreport.com

annualcredditreport.com

annualcredittreports.com

annualcreditrreports.com

annualcreditreeports.com

annualcreditreeports.com

annuallcreditreports.com

annualcreditreporrts.com

annualcreditrports.com

annualcredtreports.com

annualcrditreports.com

nnualcreditreport.com

nnualcreditreports.com

annualcreditroport.com

annualcreditrepirt.com

annualcreditrepprt.com

anmualcreditreport.com

annuilcreditreport.com

annuakcreditreport.com

annualcresitreport.com

annualccreditreport.com

annualcredditreport.com

annualcreditrepoort.com

annualcreditrepoorts.com

annualccreditreport.com

annualcrreditreport.com

annualcrreditreports.com

annualcredditreports.com

annuelcreditreports.com

annalcreditreports.com

annalcreditreport.com

snnualcreditreport.com

annualcreditreprts.com

anualcreditreports.com

annuacreditreport.comv

annualcreditrepports.com

annualcreditrepport.com

annualceditreports.com

 18 purchased imposter domains not currently online: 

Anuallcreditreport.com

aanualcreditreport.com

amnualcreditreport.com

annyualcreditreport.com

annyulcreditreport.com

annulecreditreport.com

annuulcreditreport.com

annualcrwditreport.com

annualcreditrepott.com

anualcreditreport.com

annualceditreport.com

annualcredotreport.com

annualcredutreport.com

annualcredirreport.com

annualcrediteeport.com

annualcreditreoort.com

annualcreditrwport.com

annualcreditrepoet.com

Other Problematic Domains to be aware of:

The domain annualcreditservice.com is associated with pay-per-click schemes and sends consumers to various for-pay services. It is included here because the site also uses the annualcreditreportinfo.org name deceptively. Annualcreditreportinfo.org is a domain owned by the three credit bureaus, not by annualcreditservice.com.

How the Owners of the Misspelled Domains are Making Money on Consumer Confusion

The deceptive and misspelled domains that are hosted at or owned by “pay per click” companies are highly problematic on a number of levels.

First, the misspelled sites are sending consumers to for-pay services at the credit reporting bureaus, and the owners of the misspelled imposter sites are getting paid to do this. They are getting paid because someone somewhere paid for a keyword or Internet marketing campaign. There is a possibility that the credit bureaus themselves are paying the misspelled sites or their partners because the imposter sites or their partners have joined one or more of the credit bureaus’ “affiliate” programs. [12]

What is most troubling is that the keyword phrase “free online credit report” is being used to target and send consumers to for-pay services at Experian and other sites instead of to the federally mandated free credit report site, annualcreditreport.com.

How the scheme works: the specifics

This is a simplified explanation of what is happening to consumers. For more details and examples of how the source code looks and operates, please see Appendix A.

1. An individual types in official annualcreditreport.com domain name with a misspelling. In this example the typo domain is annualcresitreport.com.

2. The annualcresitreport.com domain name is parked at or managed by a “pay per click” domain company, in this example, the annualcresitreport.com Web site is parked at DomainSponsor.com.

3. The annualcresitreport.com home page contains links to Free Credit Reports and similar topics. (PDF of home page).

4. Consumers who click on the “Free Credit Report Online” links will be taken to a page of “sponsored links.” The four sponsored links on the site in this example are “Free Credit Report Now,” Instant Credit Report, Online Credit Report, and Free Credit Report. (PDF of Sponsored Links page).

5. After clicking one of these sponsored links, individuals will be redirected through a series of Web sites. This will happen so quickly that most will never see the information flashing across the address bar. For example, say a consumer clicks on the sponsored link “Free Credit Report.” In this example, that link will take the consumer first to Information.com then to Google.com, then finally, the consumer will land on an Equifax credit bureau site that lets consumers check their credit — for a fee. All of this redirection will happen in the blink of an eye and will not be obvious to most consumers.

(PDF of ConsumerInfo via Qspace, arrived at via clicking on the imposter site link).

The reason this redirection happens is so that keywords or search terms can be passed along to advertising partners. This ensures that everyone in the chain gets a commission from the click. Meanwhile, ConsumerInfo.com/Experian gets customers. And the owner of the annualcresitreport.com domain gets a potential financial payout from the click-through.

Everyone makes money or gets a benefit, except for the consumer who did not make it to the real annualcreditreport.com site.

For the record, the annualcresitreport.com imposter site in this example had four “sponsored links” leading to the following sites:

Specific Pay Per Click Companies Involved in AnnualCreditReport.com misspellings

As previously stated, 68 of the 96 misspelled domains are registered to or somehow connected to pay-per-click companies. These companies specialize in creating hundreds and sometimes thousands of domains for the sole purpose of making money from keyword or search engine ad sales. Usually the only way these imposter sites make money in the context of the misspelled domains is when an individual misspells a domain and clicks all the way through to a final destination page, which in some cases only takes two or three exploratory clicks.

Many of the imposter domains are redirected by DomainSponsor, [13] a “pay per click” domain parking engine. This is revealed by the name servers of nsproredirect1/nsproredirect2, which are the well-known name servers Domain Sponsor allows domain parkers to use. [14] The domains parked at Domain Sponsor make extensive use of iFrames to disguise what is happening to consumers.

Imposter domains that were “live” at the time of writing were hosted by the following companies on the following name servers:

DomainSponsor
Name Server: NS1.PROREDIRECT.COM

Enom
Name Server: DNS1.NAME-SERVICES

GoDaddy
Name Server: PARK17.SECURESERVER.NET

Budget Names
Name Server: NS1.RENTALQUEUE.COM

Domain Hop
Name Server: NS1.DOMAINHOP.COM

Note: One misspelled domain that was live in December 2004 was hosted by Fabulous at Fabulous.com name servers, however, this domain was taken down and no other Fabulous hosted domains were found.

Consumers who mistype in annualcreditreport.com and land at one of these active imposter domains will be besieged by pop-ups, pop-unders, and persistent advertisement windows. [15] Researchers documented pop-up advertisements for Phoenix University, virus scanning software, a host of “free” items, and credit report advertisements.

Consumers who land on these domains should simply close their browsers and start over, or simply call the toll free number for their credit report.

Finally, some of these pay per click companies also own or are affiliated with search engine sites. For example, DomainSponsor is affiliated with Information.com.

Information.com in turn collects all of the information flowing into its site from the imposter domains and makes money by selling or sharing the information. [16]

(PDF of Information.com privacy policy.)

Based on the WHOIS registry information and information on Information.com and DomainSponsor, it is possible to go one step further. DomainSponsor.com is registered by Oversee.net, and Information.com is also registered by Oversee.net. Information.com states on its Web site that it is an Oversee.net company. It appears that Information.com uses its apparent DomainSponsor product to set up imposter domains and feeds the keywords and ad campaigns into its own search engine.

 

 

 

____________________________

Endnotes

[9] For date, nameserver, and registration details on each of the registered domans, see Appendix B.

[10] This figure was determined by conducting DiG lookups and checking WHOIS registry information for the domains and then comparing the domain nameserver information with nameservers used to host other known Experian domains.

[11] Last check of the live domain names was conducted on February 21, 2005.

[12] For general information about how affiliate sharing can work, Wired Magazine has a good article on this subject. Wired, “Shady Web of Affiliate Marketing,” Feb. 10, 2005, Ryan Singel. See< http://www.wired.com/news/privacy/0,1848,66556,00.html >.

[13] <http://www.domainsponsor.com>

[14] A confirmation of this is the DiG lookup of proredirect.com: proredirect.com name servers are ns2.oversee.net and ns1.oversee.net. Oversee.net is the parent company for DomainSponsor.

[15] DomainSponsor, in its FAQ page, discusses the benefits of using pop-ups at sites parked at its service. See < http://www.domainsponsor.com/faq.html>.

[16] Information.com may make additional revenue from the incoming data, beyond affiliate marketing. This is hinted at in the Information.com privacy policy, which states: “Individual customers who reside in California and have provided their personal information to us may request information about our disclosures of certain categories of personal information to third parties for their direct marketing purposes.” See: <http://www.information.com/help/privacy.html> Last visited February 24, 2005.

 

 

Roadmap: Call, Don’t Click – Why it’s smarter to order federally mandated free credit reports via telephone, not the Internet:  Discussion of Findings

 

Report home | Read the report (PDF) | Previous section | Next section