It’s been less than two weeks since the Equifax data-breach settlement was announced, and already at least two websites trying to scam information-seekers have been shut down.

And thus begins the effort to catch unscrupulous individuals looking to make a buck off the credit bureau’s major data breach.

Let me say this now, because there no doubt will be many email phishing attempts, phone calls and probably gift-card scams trying to capitalize on Equifax’s $700 million settlement with the Federal Trade Commission: If anyone calls or emails about the settlement, do not do anything until you verify the information with the FTC or your state or local consumer-protection office.

The settlement specified that affected consumers were entitled to free credit monitoring paid for by Equifax, or they could choose what could have been a decent cash payment — up to $125 if they have credit monitoring elsewhere. The FTC has since said that, based on the level of interest in the cash, consumers are likely to get much smaller payments if they opt out of the free credit monitoring.

If you’ve had any incidents of identity theft or fraud, you can submit a claim for time spent dealing with the aftermath. Equifax has agreed to pay U.S. consumers $25 an hour up to a maximum of 20 hours. But if too many people are seeking payment for time spent, the money will be distributed on a proportional basis, the FTC said. Also on the table is up to $20,000 for documented losses and expenses directly related to identity theft.

Scammers will likely use the cash offers, even if they are ultimately reduced, to snare victims. Do not give anyone any money.

The two websites that have been shuttered were trying to profit from the settlement. The website creators clearly targeted Equifax consumers looking for information on the cash and free credit monitoring.

I’ve seen this scheme before. Hoping to capitalize on keystroke errors, some people register URLs that are a typo away from the addresses of legitimate sites. It’s called “typosquatting” and is intended to trick internet users.

In the case of the Equifax breach, a website that was set up to field claims was registered as equifaxbreachsettlement.com. In a matter of days, at least a couple of bogus websites materialized — each with a URL that varied by just one letter from the official site. In both cases, those websites only had ads, which they were showing through Google. Website owners can earn money if people click on the ads.

On one of the impostor sites, there were several misleading links. One said “data breach.” Another said “Class Settlement Claims.” But if you followed the links, you were taken to pages with ads for credit monitoring or debt settlement. One ad was for Freedom Debt Relief, a company that recently reached a $25 million settlement with the Consumer Financial Protection Bureau for alleged misdeeds. I contacted Freedom, and a company spokesman said they knew nothing about the spoof site.

“We alerted our Google account representative,” said Michael Micheletti, head of corporate communications and public relations for Freedom Financial Network. “We did not place an ad on this page.”

I could not track down the website owners. But after I alerted Google, the sites were taken down.

“We don’t want users to feel misled by the content they engage with online, and we have strict policies that govern the kinds of websites we show ads on,” Google said in an emailed statement. “If we find a page or website that violates our policies, we remove ads.”

I’ve since found other sites using various misspellings still trying to get ad clicks. Again, not long after I contacted Google, those sites also were shut down.

Please, if you’re searching for information connected to the settlement, go to ftc.gov/Equifax. There you’ll find details about the settlement and you’ll be sent to the real website to file a claim.

You also may get phishing emails or scam phone calls pretending to be from the administrator handling the settlement. The administrator actually will be sending emails to people who filed a claim for the cash payment. Consumers need to submit the name of the credit monitoring service they’re using. Or they can change their minds if they now want the free monitoring.

Knowing that the administrator will be communicating with people, you can bet con artists will try to trick consumers to respond to fake emails. Be suspicious of every contact connected to the settlement. The scammers are just getting started.

Michelle Singletary welcomes comments and column ideas but cannot offer specific financial advice. Write to her c/o The Washington Post, 1301 K St. NW, Washington, DC 20071, or email michelle.singletary@washpost.com.

Commenting is limited to Times-Dispatch subscribers. To sign up, click here.
If you’re already a subscriber and need to activate your access or log in, click here.

Load comments

You must be a full digital subscriber to read this article You must be a digital subscriber to view this article.