WASHINGTON — It's been less than two weeks since the Equifax data-breach settlement was announced, and already at least two websites trying to scam information-seekers have been shut down.
And thus begins the effort to catch unscrupulous individuals looking to make a buck off the credit bureau's major data breach.
Let me say this now, because I have no doubt that there will be many email phishing attempts, telephone calls and probably gift-card scams trying to capitalize on Equifax's $700 million settlement with the Federal Trade Commission: If anyone calls or emails you about the settlement, do nothing — and I mean not a single thing — until you verify the information with the FTC or your state or local consumer-protection office.
The settlement specified that affected consumers were entitled to free credit monitoring paid for by Equifax, or they could choose what could have been a decent cash payment — up to $125 if they have credit monitoring elsewhere. The FTC has since said that, based on the level of interest in the cash, consumers are likely to get much smaller payments if they opt out of the free credit monitoring.
If you've had any incidents of identity theft or fraud, you can submit a claim for time spent dealing with the aftermath. Equifax has agreed to pay U.S. consumers $25 an hour up to a maximum of 20 hours. However, if there are too many people seeking payment for time spent, the money will be distributed on a proportional basis, the FTC said. Also on the table is up to $20,000 for documented losses and expenses directly related to identity theft.
Scammers will no doubt use the cash offers, even if they are ultimately reduced, to snare victims. Do not give anyone any money.
The two websites that have been shuttered were attempting to profit from the Equifax settlement. The website creators clearly targeted Equifax consumers looking for information on the cash and free credit monitoring.
I've seen this scheme before. Hoping to capitalize on people's keystroke errors, some people register URLs that are a typo away from the addresses of legitimate websites. It's called "typosquatting," and it is intended to trick internet users.
In the case of the Equifax breach, a website set up to field claims was registered as equifaxbreachsettlement.com. In a matter of days, at least a couple bogus websites materialized — each with a URL that varied by just one letter from the official site. In both cases, those bogus websites only had ads, which they were showing through Google. Website owners can earn money if people click on the ads.
On one of the impostor sites, there were several misleading links. One said "data breach." Another said "Class Settlement Claims." However, if you followed the links, you were taken to pages with ads for credit monitoring or debt settlement. One ad was for Freedom Debt Relief, a company that recently reached a $25 million settlement with the Consumer Financial Protection Bureau for alleged misdeeds.
I contacted Freedom, and a company spokesman said they knew nothing about the spoof site.
"We alerted our Google account representative," said Michael Micheletti, head of corporate communications and public relations for Freedom Financial Network. "We did not place an ad on this page. It's a scammer trying to take advantage of the situation."
I could not track down the website owners. However, after I alerted Google, the sites were taken down.
"We don't want users to feel misled by the content they engage with online, and we have strict policies that govern the kinds of websites we show ads on," Google said in an emailed statement. "If we find a page or website that violates our policies, we remove ads."
I've since found other sites using various misspellings still trying to get ad clicks. Again, not long after I contacted Google, those sites were also shut down.
Please, for your safety, if you're searching for information connected to the settlement, go to ftc.gov/Equifax. There you'll find details about the settlement and you'll be sent to the real website to file a claim.
I also want to warn you that you may get phishing emails or scam telephone calls pretending to be from the administrator handling the Equifax settlement.
The administrator actually will be sending emails to people who filed a claim for the cash payment. Consumers need to submit the name of the credit monitoring service they are using. Or, they can change their minds if they now want the free credit monitoring.
Knowing that the administrator will be communicating with people, you can bet con artists will try to trick consumers to respond to fake emails. Be suspicious of every contact connected to the Equifax settlement. The scammers are just getting started.