Call Don’t Click: Discussion of Findings
The report findings are divided into two sections: findings on fraudulent domains, and findings relating directly to the actual annualcreditreport.com site.
Findings on Fraudulent, deceptive, or misspelled domains
To date, 96 known misspelled domains are registered. Of these, 28 belong to Experian and 68 belong to other individuals who are exploiting the misspellings with deceptive “pretender” domains and pay per click marketing schemes that lead consumers to for-pay services at Experian and other credit services such as “MyFico” at FairIsaac. Of the total number of typo domains, 50 are currently online and some of these domains are highly deceptive. Of the 50 active imposter domains, there are two primary methods by which consumers are misled.
A. The active imposter domains may incorrectly claim to be annualcreditreport.com on their home pages.
B. Some of the domains may correctly label their home pages, but then incorrectly include deceptive domain forwarding information within their source code. This deceptive information incorrectly identifies the domain to a search engine, or a credit bureau, or other ad partner or affiliate.
The graphic below (Figure 1) shows an example of an imposter domain. Here, annualceditreport.com is claiming on its home page to be annualcreditreport.com, and boasting that it is “Your Access to Free Credit Reports.”
Misspelled domains owned by Experian
Experian purchased at least 28 domains on July 27, 2004. Each domain is comprised of a close misspelling of annualcreditreport.com, the official free credit report site.
The Experian-owned misspelled domains are:
The Experian domains have name servers of ns03consumerinfo.com/ns04 consumerinfo.com. This is important, because even though these domains were registered to GoDaddy via Domains by Proxy, nameservers are unlikely to lie.
ConsumerInfo.com is an Experian company, and is an active domain. Its nameservers are ns03/ns04 consumerinfo.com, the same as the domains above.
Qspace.com, a domain receiving numerous “pay per click” flows from the parked domains mentioned in this report, is also registered to ConsumerInfo.com, and uses the ns03/ns04 consumerinfo name servers.
As of the report date, the 28 Experian domain names listed above did not have active Web sites.
Misspelled Domains Owned by Other Companies
Researchers found 68 misspelled domains owned by a variety of companies and individuals. The total number of misspelled domains known to be owned or hosted by pay per click companies is 68. Fifty of the domains are live; 18 have been taken out but were not online as of the time of writing.
During research for this report, a number of the domains changed status. For example, one domain that was live in December still exists, but has been taken offline. Other domains that were not online now are.
There is a high possibility that more misspelled domains already exist, or will be taken out in the future. There is also the possibility that the live and non-live domains will continue to shift.
50 “live” imposter domains:
18 purchased imposter domains not currently online:
Other Problematic Domains to be aware of:
The domain annualcreditservice.com is associated with pay-per-click schemes and sends consumers to various for-pay services. It is included here because the site also uses the annualcreditreportinfo.org name deceptively. Annualcreditreportinfo.org is a domain owned by the three credit bureaus, not by annualcreditservice.com.
How the Owners of the Misspelled Domains are Making Money on Consumer Confusion
The deceptive and misspelled domains that are hosted at or owned by “pay per click” companies are highly problematic on a number of levels.
First, the misspelled sites are sending consumers to for-pay services at the credit reporting bureaus, and the owners of the misspelled imposter sites are getting paid to do this. They are getting paid because someone somewhere paid for a keyword or Internet marketing campaign. There is a possibility that the credit bureaus themselves are paying the misspelled sites or their partners because the imposter sites or their partners have joined one or more of the credit bureaus’ “affiliate” programs. 
What is most troubling is that the keyword phrase “free online credit report” is being used to target and send consumers to for-pay services at Experian and other sites instead of to the federally mandated free credit report site, annualcreditreport.com.
How the scheme works: the specifics
This is a simplified explanation of what is happening to consumers. For more details and examples of how the source code looks and operates, please see Appendix A.
1. An individual types in the official annualcreditreport.com domain name with a misspelling. In this example the typo domain is annualcresitreport.com.
2. The annualcresitreport.com domain name is parked at or managed by a “pay per click” domain company. In this example, the annualcresitreport.com Web site is parked at DomainSponsor.com.
3. The annualcresitreport.com home page contains links to Free Credit Reports and similar topics. (PDF of home page).
4. Consumers who click on the “Free Credit Report Online” links will be taken to a page of “sponsored links.” The four sponsored links on the site in this example are “Free Credit Report Now,” “Instant Credit Report,” “Online Credit Report,” and “Free Credit Report.” (PDF of Sponsored Links page).
5. After clicking one of these sponsored links, individuals will be redirected through a series of Web sites. This will happen so quickly that most will never see the information flashing across the address bar. For example, say a consumer clicks on the sponsored link “Free Credit Report.” In this example, that link will take the consumer first to Information.com then to Google.com, then finally, the consumer will land on an Equifax credit bureau site that lets consumers check their credit — for a fee. All of this redirection will happen in the blink of an eye and will not be obvious to most consumers.
(PDF of ConsumerInfo via Qspace, arrived at via clicking on the imposter site link).
The reason this redirection happens is so that keywords or search terms can be passed along to advertising partners. This ensures that everyone in the chain gets a commission from the click. Meanwhile, ConsumerInfo.com/Experian gets customers. And the owner of the annualcresitreport.com domain gets a potential financial payout from the click-through.
Everyone makes money or gets a benefit, except for the consumer who did not make it to the real annualcreditreport.com site.
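The redirection described above can be documented from a browser or proxy capture. The following is an added example, not part of the original report: it rebuilds the chain of hosts from captured `Location` headers and shows which query values (the keyword, a campaign code) are handed from one party to the next. All hosts, parameter names and values are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urljoin, urlsplit

# Constructed capture: (HTTP status, requested URL, Location header or None).
HOPS = [
    (302, "http://typo-domain.example/go?kw=free+credit+report&slot=4",
     "http://search-partner.example/r?q=free+credit+report&ref=typo-domain.example"),
    (302, "http://search-partner.example/r?q=free+credit+report&ref=typo-domain.example",
     "http://ad-network.example/aclk?term=free+credit+report&camp=CONSTRUCTED01"),
    (302, "http://ad-network.example/aclk?term=free+credit+report&camp=CONSTRUCTED01",
     "https://bureau.example/order?sc=CONSTRUCTED01"),
    (200, "https://bureau.example/order?sc=CONSTRUCTED01", None),
]

def redirect_hosts(hops):
    """Return the hosts visited in order, checking that the capture has no gaps."""
    hosts = []
    for i, (_status, url, location) in enumerate(hops):
        hosts.append(urlsplit(url).hostname)
        if location is None:
            break  # final landing page
        target = urljoin(url, location)  # Location may be relative
        if i + 1 < len(hops) and hops[i + 1][1] != target:
            raise ValueError(f"capture gap after hop {i}: expected {target}")
    return hosts

def value_trail(hops):
    """Map each query value seen on more than one host to its (host, param) trail."""
    seen = defaultdict(list)
    for _status, url, _location in hops:
        parts = urlsplit(url)
        for param, value in parse_qsl(parts.query):
            seen[value].append((parts.hostname, param))
    return {value: trail for value, trail in seen.items()
            if len({host for host, _ in trail}) > 1}

if __name__ == "__main__":
    print(" -> ".join(redirect_hosts(HOPS)))
    for value, trail in value_trail(HOPS).items():
        print(repr(value), "passed along:", trail)
```
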
For the record, the annualcresitreport.com imposter site in this example had four “sponsored links” leading to the following sites:
- Sponsored Link: Free Credit Report Service (An Experian Company)
  Leads to:
- Sponsored Link: MyFICO.com, a division of FairIsaac
  Leads to: <http://www.myfico.com/?lpid=GGLE1011>
- Sponsored Link: ConsumerInfo.com, an Experian company
  Leads to: <http://qspace.iplace.com/cobrands/457/default.asp?sc=6163GGMN>
- Sponsored Link: CreditProtect by Identity Guard
  Leads to: <http://www.identityguard.com/se/landing_se_cm_cptrial.asp>
Specific Pay Per Click Companies Involved in AnnualCreditReport.com misspellings
As previously stated, 68 of the 96 misspelled domains are registered to or somehow connected to pay-per-click companies. These companies specialize in creating hundreds and sometimes thousands of domains for the sole purpose of making money from keyword or search engine ad sales. Usually the only way these imposter sites make money in the context of the misspelled domains is when an individual misspells a domain and clicks all the way through to a final destination page, which in some cases only takes two or three exploratory clicks.
Many of the imposter domains are redirected by DomainSponsor, a “pay per click” domain parking engine. This is revealed by the name servers of nsproredirect1/nsproredirect2, which are the well-known name servers DomainSponsor allows domain parkers to use. The domains parked at DomainSponsor make extensive use of iFrames to disguise what is happening to consumers.
Imposter domains that were “live” at the time of writing were hosted by the following companies on the following name servers:
Name Server: NS1.PROREDIRECT.COM
Name Server: DNS1.NAME-SERVICES
Name Server: PARK17.SECURESERVER.NET
Name Server: NS1.RENTALQUEUE.COM
Name Server: NS1.DOMAINHOP.COM
Note: One misspelled domain that was live in December 2004 was hosted by Fabulous at Fabulous.com name servers. However, this domain was taken down and no other Fabulous hosted domains were found.
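The attribution method this report relies on, both for the Experian-owned domains and for the parked domains above, is to compare each domain's name servers with name servers of known operators. The following is an added example, not part of the original report: it groups domains by name-server parent domain from `dig`-style NS answers. The `*.example` domains and the full name-server host names are constructed; the operator labels follow the report's attributions.

```python
from collections import defaultdict

# Name-server parent domains the report attributes to an operator.
KNOWN_NS = {
    "consumerinfo.com": "ConsumerInfo.com (Experian)",
    "proredirect.com": "DomainSponsor (Oversee.net)",
}

# Constructed `dig +noall +answer NS <domain>` output (placeholder domains).
DIG_OUTPUT = """\
;; constructed sample, not real lookup results
typo-one.example.   3600 IN NS ns1.proredirect.com.
typo-one.example.   3600 IN NS ns2.proredirect.com.
typo-two.example.   3600 IN NS ns03.consumerinfo.com.
typo-two.example.   3600 IN NS ns04.consumerinfo.com.
typo-three.example. 3600 IN NS NS1.PROREDIRECT.COM.
typo-four.example.  3600 IN NS park17.secureserver.net.
typo-five.example.  3600 IN NS ns1.hosting.example.
typo-six.example.   3600 IN NS ns1.proredirect.com.
typo-six.example.   3600 IN NS ns1.hosting.example.
"""

def parse_ns_records(text):
    """Return {domain: set of name-server hosts} from dig answer lines."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5 or fields[3].upper() != "NS":
            continue  # skip comments, blanks and non-NS records
        records[fields[0].rstrip(".").lower()].add(fields[4].rstrip(".").lower())
    return dict(records)

def ns_parent(host):
    """Naive parent domain: last two labels (an assumption; fine for .com/.net)."""
    return ".".join(host.split(".")[-2:])

def cluster_by_operator(records):
    """Group domains by the operator label of their name servers."""
    clusters = defaultdict(list)
    for domain, hosts in sorted(records.items()):
        parents = sorted({ns_parent(h) for h in hosts})
        if len(parents) > 1:
            label = "mixed: " + ", ".join(parents)  # split delegation, review by hand
        else:
            label = KNOWN_NS.get(parents[0], "unattributed: " + parents[0])
        clusters[label].append(domain)
    return dict(clusters)

if __name__ == "__main__":
    for label, domains in cluster_by_operator(parse_ns_records(DIG_OUTPUT)).items():
        print(f"{label}: {', '.join(domains)}")
```
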
Consumers who mistype annualcreditreport.com and land at one of these active imposter domains will be besieged by pop-ups, pop-unders, and persistent advertisement windows. Researchers documented pop-up advertisements for Phoenix University, virus scanning software, a host of “free” items, and credit report advertisements.
Consumers who land on these domains should simply close their browsers and start over, or simply call the toll free number for their credit report.
Finally, some of these pay per click companies also own or are affiliated with search engine sites. For example, DomainSponsor is affiliated with Information.com.
Information.com in turn collects all of the information flowing into its site from the imposter domains and makes money by selling or sharing the information. 
Based on the WHOIS registry information and information on Information.com and DomainSponsor, it is possible to go one step further. DomainSponsor.com is registered by Oversee.net, and Information.com is also registered by Oversee.net. Information.com states on its Web site that it is an Oversee.net company. It appears that Information.com uses its apparent DomainSponsor product to set up imposter domains and feeds the keywords and ad campaigns into its own search engine.
For date, nameserver, and registration details on each of the registered domains, see Appendix B.
This figure was determined by conducting DiG lookups and checking WHOIS registry information for the domains and then comparing the domain nameserver information with nameservers used to host other known Experian domains.
Last check of the live domain names was conducted on February 21, 2005.
For general information about how affiliate sharing can work, Wired Magazine has a good article on this subject. Wired, “Shady Web of Affiliate Marketing,” Feb. 10, 2005, Ryan Singel. See <http://www.wired.com/news/privacy/0,1848,66556,00.html>.
A confirmation of this is the DiG lookup of proredirect.com: proredirect.com name servers are ns2.oversee.net and ns1.oversee.net. Oversee.net is the parent company for DomainSponsor.
DomainSponsor, in its FAQ page, discusses the benefits of using pop-ups at sites parked at its service. See <http://www.domainsponsor.com/faq.html>.
Roadmap: Call, Don’t Click – Why it’s smarter to order federally mandated free credit reports via telephone, not the Internet: Discussion of Findings