Don’t fall for fake settlement sites that steal your data

Sometimes, data breaches result in more than just free credit monitoring. Recently, Facebook began paying out its $725 million settlement, and AT&T is preparing to distribute $177 million. Those payouts caught scammers’ attention.

Now, fake settlement claim emails and websites are flooding inboxes. They look convincing, but behind the plain design and official-sounding language is a trap for your Social Security number, banking info, and more. So how can you make sure you get your money without losing even more in the process?

Why fake settlement sites are so convincing

Settlement claim websites rarely look polished. Most have generic layouts, long URLs, and simple forms asking for a claim ID from your email or postcard. That makes it easy for scammers to mimic them. To test how simple it is, we created a fake settlement site (below) in minutes using AI tools like ChatGPT.

If we can do it, you can bet criminals are already exploiting the same shortcuts. Facebook has been the target. A fake site once popped up around the Equifax settlement, tricking thousands before it was shut down. The lesson? If the site appears unusual, it doesn’t necessarily mean it’s fake, but it should prompt you to double-check before entering your details or clicking on any links.

Red flags that expose fake settlement sites

Spotting a scam often comes down to noticing the little details. Watch for these common warning signs before you hand over your information.

Requests for too much personal data

If a site asks for your full Social Security number or the names of your children, stop. For example, the official Equifax settlement only requested the last six digits of SSNs. Genuine claim sites may ask for limited info (like the last four digits of your SSN), but they rarely demand complete Social Security or bank details.

Promises of payout estimates upfront

Real administrators calculate payments only after the claim period closes.

Texts or social media messages

Settlements are announced by mail or email, not through random DMs or SMS.

Odd or misspelled URLs

Even one extra letter in the web address is a sign of a spoof site. Legitimate settlements use official or clearly named administrator domains. Be wary of addresses with unusual add-ons, such as “secure-pay” or “claims-pay.”

Urgent language or countdowns

Scammers rely on urgency to pressure you into acting fast. Real settlement sites don’t demand 24-hour turnarounds.

Processing fee checkboxes

A sure giveaway of a fake. Real settlement administrators never require money to file or to receive your payout.

Cheap trust badges

Scam sites often throw in fake “secure” seals. Look for recognized security seals and make sure they’re clickable and verifiable.

Generic contact info tied to the suspicious domain

Official sites list multiple, verifiable contacts. If the email or phone number matches the weird domain, that’s a red flag.

Grammar or spelling mistakes in the fine print

Sloppy errors in legal-sounding text are a classic sign you’re looking at a scam.

How to safely handle settlement claim notices

Before filing any claim, follow these steps to ensure you’re dealing with a legitimate settlement site and protecting your information.

1) Start at the FTC

The Federal Trade Commission keeps updated lists of approved class action settlements. The legitimate links always point to a .gov website. If your email sends you elsewhere, treat it with caution.

2) Cross-check with other resources

Trusted outlets often cover large settlements and include safe links. ClassAction.org is another resource for checking legitimate URLs.

3) Skip the links, use the mail

Your claim notice may include a mailing address. Sending a paper form avoids the digital phishing minefield altogether.

4) Use strong antivirus software

Strong antivirus software can block malicious links, warn you about dangerous websites, and prevent malware from taking over your device.

The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

5) Try a data removal service

Data removal services work to scrub your personal information from broker lists, making it more difficult for criminals to target you.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap, and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Is your personal information exposed online?

Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.

6) Never pay to file

If a site asks for “administrative fees” or a “processing charge,” close it immediately. Real settlement administrators will never ask for money.

7) Report suspicious sites

Spot a fake? Protect others by reporting it to:

• The FTC Complaint Assistant
• The Internet Crime Complaint Center (IC3)
• The Consumer Financial Protection Bureau (CFPB)

Quick reporting helps authorities shut down scams before more people fall victim.

Related Links: 

• Bank pop-up scam could empty your account in seconds
• Dodging a digital bullet: A true close call with a work email scam
• Inside a scammer’s day and how they target you

Kurt’s key takeaways

Class action settlements can feel like rare wins for consumers after data breaches. But scammers see them as easy hunting grounds. The best defense is skepticism. Check URLs, avoid clicking direct links, and never give away details that don’t match the claim’s purpose. Your payout should help you recover, not put you at greater risk.

Have you ever received a settlement notice that felt suspicious, and how did you handle it? Let us know your thoughts in the comments below. 

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.