Google's Pixel 7 Event National Taco Day Microsoft Surface Event Xiaomi 12T Pro's 200MP Camera iPhone 14 Pro Action Mode vs. GoPro Hero 11 TikTok Money Advice Hottest Holiday Toys Gifts for Cyclists
Want CNET to notify you of price drops and the latest stories?
No, thank you

Imposter sites plague free credit report site

Seven months after its debut, has spawned more than 100 imposter sites that seek money, personal data.

A Web site created by federal mandate last year to help consumers spot identity theft is opening up new avenues for fraud, according to a privacy watchdog group.

The site,, offers consumers free copies of their own credit reports. It was launched in December by Equifax, Experian and TransUnion, the three major credit reporting agencies in the United States, in accordance with the Fair and Accurate Credit Transactions Act of 2003. The federal law aims to quell growing concerns over privacy and disclosure of sensitive financial data.

However, the online service has quickly fallen prey to imposter sites, which are designed to lure traffic from a legitimate Web site by adopting a similar domain name. Imposters targeting the site now number 112, according World Privacy Forum, a nonprofit based in San Diego that's studying the problem. Another 120 registered domains that aren't currently active employ the words annual credit report in some combination or are close misspellings of the official site, the group said.

Many of the imposter sites serve as "ad farms," referring visitors to credit bureaus that charge for the reports, World Privacy Forum said. The imposters then collect referral, or "pay per click" advertising, fees from for-pay bureaus.

The privacy advocate sounded an alarm bell on Thursday in a report that said the imposter sites "have been aggressively attempting to deceive and misdirect consumers."

Some of the sites ask visitors to supply Social Security Numbers, date of birth and other personal information, the report said. Others send consumers to pornographic sites and other sites that have nothing to do with credit reports. Only seven of the 112 imposters posted a privacy policy and only 21 of them provided consumers with information for contacting the sites' operators.

People can be reeled into imposter sites by either typing the wrong domain name of the site they mean to visit or by using a search engine to find the site and clicking on the wrong search result.

World Privacy Forum is urging the Federal Trade Commission to crack down on credit bureaus that advertise on imposter sites.

"The FTC should require credit bureaus and their subsidiaries to cease and desist from all search engine and other online advertising campaigns--including affiliate marketing programs--that use the words annual + credit + report in any combination if these search terms take consumers to a for-pay commercial site or any site other than the official site," the group said in its report. "This is a challenging area, but one that needs to be tackled."

The FTC did not immediately return calls for comment.