Phishing and Vishing Identity Theft Scams
The Experian - A Key Change Has Been Posted to One of Your Credit Reports Scam
Redirects to spoofed (Fake) website: https://experian.experiandirect.com/credit/login.aspx?nav=alt&cid=1099
You may have received an email like the one below that looks very authentic, like it came from Experian, or a phone call about the same subject. It is an attempt to get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.
This email was not sent by Experian; Experian is a victim as well. This is referred to as spoofing (making a fake email that looks legitimate, "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, DO NOT click on the link, and do not enter any information on the forms there.
The website that the link leads to is a spoof; a fake website, not created by Experian. It goes to https://experian.experiandirect.com/credit/login.aspx?nav=alt&cid=1099, not Experian! When you enter the information they ask for, you will simply be handing the thieves the keys to your bank accounts. That is how spoofing, phishing and vishing works.
Remember, no reputable business would send you an email or a phone call requesting your personal account information. Any such email you receive asking for this information should be considered phony and brought to the attention of the business being 'phished'.
Anytime you need to go to a website for your bank, credit card companies or other personal, financial or confidential information; do not follow a link in an email; just type their address in your browser directly (such as www.Experian.com )
Below are actual phishing emails that started circulating in early 2008. We have put a warning over the links to the phisher's website, which is https://experian.experiandirect.com/credit/login.aspx?nav=alt&cid=1099
It is possible that the owners of the website (https://experian.experiandirect.com/credit/login.aspx?nav=alt&cid=1099) are not involved, and that their server has been hacked, but the fact remains that this is the address the scam goes to.
----- Forwarded message -----
This email was sent because it contains important information about your account. Please note that if you have previously unsubscribed from Experian.com, you will no longer receive newsletters or special offers. However, you will continue to receive email notifications regarding your account. To ensure that you'll receive emails from us, please add firstname.lastname@example.org to your address book.
Membership ID #780444581
A Key Change Has Been Posted to One of Your Credit Reports
A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian', Equifax and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don't know how it will affect your credit, so we urge you to do the following:
View detailed report by opening the attachment.
You will be prompted to open (view) the file or save (download) it to your computer.
For best results, save the file first, then open it in a Web browser.
Contact our Customer Care Center with any additional questions.
Note: The attached file contains personal data.
Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.
*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.
Notice one of the statments in the email: "To ensure that you'll receive emails from us, please add email@example.com to your address book." Obviously, that would be a dumb thing to do, since Exprpt.com is not connected to Experian!
Here's where the links in the scam email actually go to:
The images in the email where hosted
at these locations:
The images in the email where hosted at these locations:
What is Phishing?
Phishing is an attempt by an individual or group to solicit personal
information from unsuspecting users by employing social engineering techniques.
Phishing emails are crafted to appear as if they have been sent from a
legitimate organization or known individual. These emails often attempt to
entice users to click on a link that will take the user to a fraudulent website
that appears legitimate. The user then may be asked to provide personal
information such as account usernames and passwords that can further expose them
to future compromises. Additionally, these fraudulent websites may contain
Learn More About Phishing
The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks.
- Avoiding Social Engineering and Phishing Attacks
- Protecting Your Privacy
- Understanding Web Site Certificates
- Anti-Phishing Working Group (APWG)
- Federal Trade Commission, Identity Theft
- Recognizing and Avoiding Email Scams
Methods of Reporting Phishing Email to US-CERT
For more information about phishing, see