Call Don’t Click Update: Discussion – Fraudulent, deceptive, or misspelled domains are still a problem

Report home | Read the report (PDF) | Previous section | Next section


Researchers documented that 233 domains containing the keywords annual credit report or close misspellings of had been registered. [17] Of the total registered imposter domains, 112 +/- 3 were online and available to consumers as of June, 2005. The pretender domains showed up in some search engine results, and some of the pretender domains showed up in some search engines’ paid or sponsored listings sections.

The graphic below (Figure 1) is an example of an imposter domain pretending to be the real Here, (note the missing “r” in credit) is claiming on its home page to be, and boasting that it is “Your Access to Free Credit Reports.”

Figure 1.
An imposter domain. Note the misspelling of the URL in the address bar. Also note the links to Annual Credit report online; these links did not lead to the official site at the time of analysis.

This site pictured above represents a typical pretender domain’s approach to misdirecting consumers. It is also an excellent example of what a “link farm” looks like.

Link Farms and SSN-grabbers

Currently, the majority of the imposter sites are “link farms” set up by pay-per-click marketing companies. Link farms are domains that contain dozens of links to sites that have a marketing relationship with the link farm owner, or links that are ads of some sort. Each time a consumer clicks on a link at a link farm, the owner of the link farm typically gets paid a few cents by an advertiser or affiliate marketing partner. Link farms are part of what are generally called affiliate marketing schemes, and affiliate marketing is how the majority of the imposter domains are making their money. Some link farms are also created by search engine optimization companies to cause a domain to rise in search rankings.

No matter why they were created, link farms can act as a barrier to consumers who are attempting to access the official site.

Examples of this type of domain include that seen in Figure 1, and also domains such as,,, and While these domains do not request SSNs from consumers right away, many of these domains lead to highly questionable businesses that do request information inappropriately from consumers.

Other types of imposter domains include more problematic sites that aggressively attempt to deceive consumers into giving SSNs and other information. One site in particular stood out as extremely fraudulent and deceptive: (Note that there is no period between the “www” and annual). This imposter site requested consumer SSNs, date of birth, address, name, and then according to the site privacy policy, that information was shared with other companies, including car dealerships. The site was in operation until June 6, 2005. [18]

Some imposter domains steal credit bureau logos and use trademarked names and symbols to lure consumers into believing the site is legitimate. One such site,, had inappropriately taken Experian’s ConsumerInfo logos and had created a fake domain that looked just like the credit bureau site, but without the privacy policy. After researchers brought this site to Experian’s attention, the deceptive logos were removed. However, the site did not get taken down entirely. A “link farm” containing links to ConsumerInfo and to TransUnion for-pay services – among others — took its place and was still up at the close of the research period.

Specific Examples of Imposter Sites

The following domains are examples of actual imposter sites that were live and online during the research period, which ended June 30, 2005.

Imposter Example #1:

This site was collecting SSNs of consumers, and then, according to the site privacy policy, was sharing those numbers with other companies. Researchers acted to have this site taken down immediately upon discovery; researchers uncovered the site June 1 2005, after which the Central Source was notified. The site was offline by June 6, 2005. It is unknown how long the site was operating prior to that time.

Imposter Example # 2: The sites, www.annual-, and [19]

After typing in the domains above, consumers were be redirected to, where they were then instructed to fill out an online form to get their “free credit report” for “credit peace of mind.” Actually, what is happening is that the site is a “lead generator,” that is, its purpose is to collect consumer emails. According to the site’s materials:

“ is an online leads marketplace that empowers mortgage brokers and lenders to obtain quality, highly targeted mortgage loan leads at low prices. generates fresh real-time internet mortgage leads from qualified, motivated consumers looking for home loans, mortgage refinance loans, home equity loans or debt consolidation loans.” 20


“Join The Best Debt Consolidation Affiliate Program and Make Money Debt Consolidation webmasters get paid $7.50 per lead . Look how simple our debt consolidation application is!” [21]

The real potential trouble on these imposter sites may be found on the “Free Debt Analysis” page. This page asked consumers to complete a detailed form that requests first and last name, debt amount, email address, phone number, and names of creditors. [22] This is apparently the form that provides the “fresh leads” the site brags about elsewhere.

On this site, consumers who click on a link to order a free credit report will get directed to Qspace, a site related to ConsumerInfo. ConsumerInfo is a wholly-owned subsidiary of the Experian credit bureau. If a consumer clicked on the order button from one of these imposter domains, this is the URL they would see, or something very similar:

Oddly, the Spendonlife privacy policy posted on these three imposter sites mentions a number of privacy and consumer protection organizations such as the Privacy Rights Clearinghouse, EPIC, and the FTC, stating that they are good resources. The privacy policy provides no links or URLs to direct consumers to these resources.

Intriguingly, there is an additional – and different — privacy policy and site. This other privacy policy is available at and is a Truste verified privacy policy. This policy is also completely different than the policy consumers access from the three imposter domains. The policy states plainly that it is a ConsumerInfo site, and:

“Note to users: If you place an order for our products or services through co-branded web pages that display both our name and’s, our partnership agreement with specifies that both companies may use the information you provide.’s privacy policy governs their use of your information, as this policy governs ours.” [23]

It is unknown if the three imposter sites are inappropriately using the’s trademarks or images, or what ConsumerInfo relationships the sites do or do not enjoy. It is unknown which privacy policy is the actual policy that applies to consumers. What is known is that these sites —, www.annual-, and– are apparently working to collect leads, not working to send consumers to the official site.

Imposter Example #3:,,, and

These four imposter sites, at last check, resolve to the commercial data broker Intelius and do not lead consumers to the official site. Specifially, the sites resolve to Intelius has made no effort to inform consumers that its site is not the official site, despite that Intelius was – and at last check still is — appropriating annualcreditreport-related Web domains to attract consumers to its for-pay services.

Imposter Example #4: The domains and

These two sites redirect consumers away from the official site to a site called, where consumers are asked to provide their name, address, email, and other information about themselves. is associated with the TransUnion credit bureau. Technically, is a “product of TrueCredit.” 24 TrueCredit is a wholly owned subsidiary of the TransUnion credit bureau. [25]

The domain uses framesets to forward consumers to from nameservers belonging to Domainmanager, a company that specializes in assisting domain owners with redirects such as this.

The other domain,, resolves to, which then displays in a frame. This domain forwards consumers from nameservers belonging to, a company that focuses on pay per click and affiliate schemes. [26] Whois records indicate that the domain is owned by Ousel Internet Development. [27]

It is unknown if TransUnion is aware of the redirection of these sites to its commercial services.

Imposter Example #5: DomainSponsor’s 68 imposter sites [28]

DomainSponsor, a well-known affiliate marketing company that is also associated with the search engine, owns and or manages a large number of imposter site link farms. As many as 18 of the known 68 DomainSponsor sites have at one time stated in their title bars that the domain is “AnnualCreditReport,” even when the domain was only a close misspelling of the official site.

None of the 68 Domain Sponsor sites have privacy policies or contact information. None of the 68 Domain Sponsor imposter sites led consumers to the official site during the research period.

Imposter Example #6:

This domain was discussed previously. When typed in, this imposter domain resolves to When researchers originally found this site, it was inappropriately copying a ConsumerInfo site nearly image for image. After the site was identified in early June to ConsumerInfo as a problem affiliate that was using the keywords annual credit report to misdirect consumers, the imposter site removed the ConsumerInfo images and changed its information three times within a 24 hour period.

At last check, this site is still apparently acting as some sort of marketing affiliate of ConsumerInfo in that it is still directing consumers to commercial services at ConsumerInfo and other companies via apparent affiliate marketing links. The domain name has not been taken offline or transferred to the Central Source. The site, which is an apparent link farm, does not post a privacy policy. Unfortunately, this type of site is typical of the imposter domains.




[17] The last complete check of number of active domains and domain registrants using the key words annual credit report or close misspellings of these key words was June 27, 2005 with spot checks of problematic domains until June 30, 2005. Additional checks were conducted up until July 14, but results logged after the close of the research period (June 30) were not included in the report findings.

[18] Because of the serious nature of the problems at this particular site, researchers took immediate steps to get it offline. The site was taken down approximately 6 days after researchers originally discovered it and alerted the Central Source of its presence.

[19] During the course of research, these three sites went off and online frequently. By checking the sites using differing Internet Protocol addresses, researchers were able to determine that the sites were generally up and working. However, researchers observed that the sites would go through cycles of going offline for a day or two and then the sites would come back online again. The final check of these sites was July 4, 2005, where two of the sites were offline and one site – — was online.

[20] <>Last accessed July 4, 2005.

[21] <> Last accessed July 4, 2005.

[22] <> Last accessed July 4, 2005.

[23] <>

[24] See < >Last accessed July 4, 2005. 25 See <> Last accessed July 4, 2005.

[26] See <>.

[27] See <>.

[28] See Appendix E for a listing of the 68 Domain Sponsor Imposter sites.



Roadmap: Call Don’t Click Update – Still be smart about ordering federally mandated free credit reports: Discussion of Findings: Fraudulent, deceptive, or misspelled domains are still a problem


Report home | Read the report (PDF) | Previous section | Next section