Call Don’t Click Update: Discussion – Methods the Imposter Domains Are Using to Mislead Consumers
The annualcreditreport.com imposter domains were using sophisticated variations of online bait-and-switch techniques to lure consumers to the wrong sites. Primary techniques included the following:
A. The imposter domain names contain the words annual credit report in various combinations. An example of this is the domain www.annualonlinecreditreport.com. The key words used in the imposter domain brings users in through search engine results, paid and unpaid. Once at the imposter domain, which in this case is a domain for a commercial data broker named Intelius, consumers may then be asked for SSNs and other sensitive information for completely different purposes than for ordering a federally mandated free credit report.
B. The imposter domains may also incorrectly claim to be annualcreditreport.com or AnnualCreditReport on their home pages, confusing consumers about which domain is the real domain. Many domains do this, for example, www.annualcrditreports.com.
C. Affiliate marketing with credit bureaus: Many of the imposter domains appear to have affiliate marketing or advertising relationships with Experian or TransUnion. That is, some imposter domains are affiliate marketing partners of Experian or TransUnion, and as such, the imposter domains link to legitimate commercial credit services. For example, freeannualcreditreports.com appears to be a ConsumerInfo/ Experian affiliate, and it is also an imposter domain. The domain www.annualcreditmonitoringreport.com appears to be a TransUnion affiliate and it is an imposter domain. 
The imposter domains that have affiliate marketing relationships are particularly problematic in that they have an appearance of legitimacy by linking to real credit bureaus. Some of the imposter sites do not just have affiliate marketing links. Instead, some of the imposter sites use online advertising to fill their sites with text links.
D. Some of the domains may correctly label their home pages, but then incorrectly include deceptive domain forwarding information within their source code. This deceptive information incorrectly identifies the domain to a search engine, or a credit bureau, or other ad partner or affiliate.
The techniques described above are not unique to the annualcreditreport.com site. Imposter domains typically target any Web site that receives high traffic and then use that traffic to make money from referrals or “click throughs”. This is an unfortunately common Internet business model. For example, Delta Airlines at one time had a persistent problem with an imposter site. The Delta imposter set up a site wwwdelta.com (no period between the w and the d) that took consumers to an entirely different domain. Delta took action against the imposter, and the case was eventually was settled in Delta’s favor via arbitration. 
Not surprisingly, the official www.annualcreditreport.com site was targeted by the exact same technique that had been used on the Delta domain. The result, wwwannualcreditreport.com was a highly problematic site.
While imposter domains are a general Internet problem, what is unique about the annualcreditreport.com site is that tens of millions of consumers or more may potentially access the official site once per year, every year. These consumers are accessing the site prepared and willing to enter their Social Security Numbers and other highly personal data in order to get a credit report. With such a high volume and the potential for collection of highly sensitive consumer information, annualcreditreport.com is a top target for imposter sites and identity thieves.
 Equifax does not appear to have direct affiliate relationships with the imposter domains based on the research for this report.
 See < http://www.arbforum.com/domains/decisions/133619.htm> last visited July 5, 2005. In the arbitration settlement, the domain was transferred to Delta.
Roadmap: Call Don’t Click Update – Still be smart about ordering federally mandated free credit reports: Discussion of Findings: Methods the Imposter Domains Are Using to Mislead Consumers