Press Release: Call Don’t Click Update: STILL BE SMART ABOUT ORDERING FEDERALLY MANDATED FREE CREDIT REPORTS – New Report Identifies Over 100 Imposter Domains Interfering with Federally Mandated Free Credit Report Site,


Pam Dixon
Executive Director,
World Privacy Forum
tel: 760.436.2489
cell: 760.470.2000

Read the (PDF)

SAN DIEGO, CA, July 14, 2005. A new report issued today by the World Privacy Forum shows that many consumers may still be better off calling or mailing in for their federally mandated free credit reports instead of accessing the reports online. Although the official site has improved since its launch in December 2004, there are continuing hazards posed by imposter Web domains, some of which have been aggressively attempting to misdirect and in some cases deceive consumers.

In its first report on this subject published in February 2005, The World Privacy Forum documented that 96 known imposter domains existed, with 50 of those domains active and online. In its new study, “Call Don’t Click Update: Still be smart about ordering Federally mandated free credit reports,” the World Privacy Forum has found that 233 known imposter sites now exist, with 112 of the imposter domains active and online. This marks a 124 percent increase in known, active imposter domains since February.

One imposter site researchers found was missing the period between “www” and “annual.” The site, “,” which has now been taken offline — was requesting consumers’ SSNs and according to its privacy policy was sharing those numbers with car dealerships. Another imposter site was sending consumers directly to Intelius, a commercial data broker. Yet another imposter site gathered consumers’ email addresses to share as “fresh, real-time, Internet mortgage leads” for mortgage and debt consolidation loan pitches. These last two imposter sites, like the majority of the others, were still online at the conclusion of the research for the current report.

New report findings include:

• At least 233 imposter domains with close or nearly identical spellings of have been registered.

• At least 112 known and confirmed imposter domains were “live” during the research period for the new report. That is, the domains were online and actively leading consumers away from the official site. This marks a 124 percent increase in live imposter sites from the first report, or an increase of 62 live imposter domains.

• 7 of the 112 live imposter domains posted a privacy policy.

• 4 of the imposter sites led directly to Intelius, a commercial data broker that at the time of research did not offer any links to the official site.

• Many of the imposter sites contained affiliate links or advertisements that led consumers to Experian, TransUnion and other commercial credit-related sites.

• None of the imposter sites provided links to the official site during the research period. Positive changes from the first report include:

• The credit bureaus now allow Web linking to the official site.

• TransUnion has halted its practice of pre-selecting consumers to receive marketing materials via a small checkbox at the bottom of its registration page at the site.

“The good news is that the official site now allows news organizations and consumer groups to link to it, which should reduce the number of consumers landing on typo domains,” said Pam Dixon, executive director of the World Privacy Forum and the principal investigator for the report. “The bad news is that the imposter sites have more than doubled, and some of these sites are showing up in search engine results, sometimes as paid listings that appear ahead of the official site. The credit bureaus and the FTC must take immediate action to clean up all of the imposter domains prior to the September 1 rollout to consumers in the Northeast.”

The new Call Don’t Click report lists each imposter site that was found, as well as feedback the World Privacy Forum received from consumers about accessing federally mandated credit reports.

Updated Consumer Tips

• When phoning the toll free number (877-322-8228) for a free credit report, ask that only the last four digits of your SSN be displayed when it is sent to you.

• If you use the toll free number above to access your free credit report, be aware that if you have a strong accent or a complex last name, the automated phone system may not work.

• If you call for your report or have it mailed to you, ensure that your credit report is mailed to a secure mailbox.

• Know that you are not required to give out your email address in order to obtain a federally mandated free credit report.

• If you order a free annual credit report online, take basic computer safety precautions. For example, ensure that your computer is virus-free and don’t order your reports from a public computer or from work.

• If you do choose to go online to to access your free credit report, be absolutely certain that you have not mistyped in the address. If you see pop-up ads, or if you notice that the site is not a secure site, close your browser and start over. (Secure sites will have a padlock logo in the corner, and the address will read https:// instead of just http://). Please note, though, that some clever imposter sites are providing https:// secure site access, so just a padlock alone is not a guarantee that you are on the right site.

For the complete “Call Don’t Click” report and the updated consumer tip sheet, see:

• CALL DON’T CLICK UPDATE: Still be smart about ordering federally mandated free credit reports <>


Resources for Consumers

To request a credit report by mail:

Print out the request form. The form is available at:
Fill out the form and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.

To request a credit report by phone:

Call 877-322-8228

To request a credit report online:

Visit < >.

About the World Privacy Forum

The World Privacy Forum is a nonprofit, non-partisan public interest research organization focused on conducting in-depth research and consumer education in the intersecting areas of technology and privacy. The World Privacy Forum is based in San Diego, California.