Shortly after signing up to get my free credit score at one of the popular websites that offers the service, I received an email alerting me that my score had recently changed and that I should log into the site provided to check on it. Since I had recently signed up for my free score, I almost fell for the scam and followed the link, which could have compromised my personal information. (I originally signed up for my score as part of my reporting for an article that explored whether those "free scores" are really free.)
The experience reminded me how easy it is to fall for a so-called phishing scam, where a fraudulent email masquerades as a legitimate one and leads you to a website that asks for your personal information. As soon as you enter it, the fraudster behind the scam has your information and can use it to steal your identity or money.
With more people getting their free credit scores online from legitimate companies such as CreditKarma.com, CreditSesame.com and Mint.com, these kinds of credit score phishing emails are also becoming more prevalent. The information technology team at U.S. News reports that our company received about 140 spam messages in the last week with the words "score changes" in the subject line.
One particularly confusing aspect of these emails is that the legitimate companies offering free credit scores to consumers often do so in addition to sending out promotional emails, in the hopes that consumers will sign up for other premium services, like credit monitoring. CreditSesame.com credit expert John Ulzheimer says companies are increasingly using free credit scores as a "loss leader" to attract consumers, and that the only cost of accessing your free score is receiving promotional emails -- a trade-off he calls a good deal.
After I signed up for my free credit score at Credit Karma, for example, I received a follow-up email from the company welcoming me to my free credit report and introducing me to a variety of other tools available through the website. Christina Ra, spokeswoman for Credit Karma, says I don't need to worry about receiving many more. "We make it a core practice to very, very rarely email. We want our members' experiences to be exceptional, and being bombarded with email is not," she says.
Here are some ways to make sure you don't get caught up in a phishing scam:
1. Always check the domain name.
Ra suggests making sure any emails that you receive that claim to be from specific companies are actually coming from the domain name they claim to be. That means double-checking the url in the "from" field as well as in any embedded hyperlinks. Also, the Better Business Bureau recommends a general attitude of skepticism toward unsolicited emails, especially ones that ask you for any information. Government agencies, for example, usually communicate through the mail, not text or email. (One common scam involves a fake email claiming to be from the Internal Revenue Service and requesting information.)
2. Avoid links and attachments.
If you receive any unsolicited attachments or links, the BBB recommends avoiding them. If you want to log into your bank, for example, type in the url directly on your browser instead of clicking on any embedded hyperlink, which could take you to a impostor site.
3. Don't provide your credit card.
Many websites, including Credit Karma, now offer access to your free credit score for free; you don't have to enter your credit card at any time. If a site does require your credit card information before sharing your credit score, it could be a sign that it plans to charge you or enroll you in a monthly service, so you might want to consider going elsewhere.
4. Use the official free credit report website, AnnualCreditReport.com.
Katherine Hutt, director of communications for the Council of Better Business Bureaus, says the only free credit report service BBB recommends is AnnualCreditReport.com. The government requires that consumers have access to their credit report once every 12 months from each of the three credit bureaus: Equifax, Experian and TransUnion. "We think it's best for consumers to start there to avoid confusion. It's the only site authorized by the Federal Trade Commission for the free report," Hutt says.
The BBB gives Credit Karma a "B" rating and notes that in March 2014, it settled charges from the FTC related to a security on Credit Karma's mobile apps, which the FTC alleged put consumers' information at risk. As part of the settlement, Credit Karma agreed to address the security risks and undergo regular security checks.
According to Credit Karma's official statement on the settlement, no one has reported the loss of sensitive data as a result of the security issue and it only related to mobile apps operating on unsecured networks, and that issue has now been resolved.
5. Skip sites that are not secure.
The BBB also recommends never entering your personal information, including your Social Security number, address or banking information, on websites that are unfamiliar or nonsecure. The url should include "https" or "shttp" in it. If you are ever suspicious of an email or website, the BBB recommends turning to a more traditional mode of communication -- the telephone -- to check on it. Just don't call the numbers included in emails, which could be fake.
6. Password-protect your phone.
Your phone probably contains a lot of personal data, which is why you should password-protect it, just in case you lose it. You wouldn't want a stranger having access to all your emails and accounts.
As long as you follow those basic guidelines, you should be able to keep your information safe -- and still access your free credit score from a legitimate source.
More From US News & World Report