Recently, Facebook began paying out claims from 2023’s massive $725 million privacy settlement, and claim notices started going out for AT&T’s $177 million settlement, so a lot of people are checking their inboxes. Getting justice in the form of cash for your lost or stolen private data is the best outcome we can hope for in an era of near-constant data breaches, but there may be other, far more insidious offers lurking in your inbox. After all, online scammers are always looking for a payday, and it’s incredibly easy to whip up fake settlement claim emails and websites designed to steal your private data, like your email address, social security number, or banking information. Unfortunately, spotting fake settlement claims isn’t always easy, but there are ways to get your money without losing everything else in the process.
Identifying Phishing Is Harder Than It Looks
The problem is, websites for settlement claims tend to look a bit… sketchy, don’t they? The sites usually have a plain background, a non-descript header, a very suspicious-looking URL, and request fairly benign information up front, such as the settlement claim number you received on a postcard or in your inbox. For example, look at the websites in the screenshots below. Which of these sites looks like a legitimate settlement claims website?
Settlement Claim A:
(Credit: Kim Key)
Settlement Claim B:
(Credit: Kim Key)
Settlement Claim C:
(Credit: Kim Key)
If you answered option B, congratulations, you identified a genuine settlement claims website. If you answered A or C, I’m sorry for deceiving you.
It took me less than five minutes to create the fake websites in the screenshots above using Google’s Gemini chatbot. I don’t mean that the chatbot just generated the images, either. Gemini generated code for two websites in less time than it would take me to give away my personal information on an AI-generated phishing website. If I can do it, a scammer can do it too.
I should note, however, that when I asked Gemini to build me a site that would siphon private data, such as a person’s social security number or bank account details, the chatbot firmly shut down my request and delivered a thorough explanation of phishing. I commend Google for putting these guardrails into their product, though I imagine that, with a little time and effort, an online scammer could find a way to coax another AI chatbot to create a similar-looking website that gathers users’ private data.
How to Verify Settlement Claim Notices
Always check the Federal Trade Commission (FTC) website for information about settlements filed with that government agency. For settlements involving non-US companies, you’ll need to do a little more research before trusting a claim site. Don’t click the links in the settlement notification email, as those could be phishing opportunities. Instead, I advise you to open your browser and do a little sleuthing first.
Below are some of my suggestions for ways that you, armed with a search engine and some critical thinking skills, can identify and respond to legitimate settlement claims.
- Check with the FTC. As mentioned above, the US government’s consumer protection arm maintains lists of ongoing claims and hosts vetted claim forms on its website. Make sure that if you click on a link to an FTC claim site in an email, it directs you to a .gov URL, as opposed to a .org or a different URL suffix.
- Do your Googles. Search news sites, like the one you’re reading right now, for information about your class action settlement. News sites usually have articles detailing the circumstances behind the lawsuit and instructions for filing a claim. You can also search ClassAction’s website for a legit URL for your settlement claim.
- Use snail mail to file your claim. You can’t phish someone who opts out of giving their data away online. Check the email or postcard you received for a mailing address that you can use to skip the digital minefield and mail in your claim form.
- Never pay to file a claim. If a claim site requests a processing fee or money to cover “administrative costs,” close the website and forward the offending email to the FTC, because that’s a sure sign of a scam.
- Take your time when filing the claim. If a settlement claim form asks for information that is completely unrelated to the settlement, pause, and ensure you’re visiting the correct website. For example, if I received an email about the AT&T data breach settlement, clicked a link to file a claim, and the form asked me for my social security number, my children’s names and ages, or other unrelated private data, I wouldn’t fill in that information. Instead, I’d visit the FTC’s website to ensure that I clicked on a link to a legit claim form.
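The .gov check from the first tip above is easy to get wrong by eye, because a link can contain "ftc.gov" without actually pointing to a .gov site. The Python script below is an added example, not part of the original article: the sample email, the function names, and every URL other than the ftc.gov hostname are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample notice body. Only the ftc.gov hostname is real;
# the paths and the other hosts are made up for this example.
SAMPLE_EMAIL = """\
File your claim: https://www.ftc.gov/example-claim
Or here: https://ftc.gov.claims-portal.example/file
Or here: https://ftc.gov@settlement-pay.example/claim
Or here: http://www.ftc.gov/example-claim
Or here: https://ftc-gov.example.org/claim
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return (verdict, reason) for one link found in a claim notice."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("reject", "malformed URL")
    if parts.username is not None:
        # Text before '@' is login info, not the site; the real host follows it.
        return ("reject", f"userinfo trick, real host is {host}")
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return ("reject", "punycode label, possible lookalike characters")
    # Only the rightmost label decides the suffix: "ftc.gov.something" is not .gov.
    if len(labels) < 2 or labels[-1] != "gov":
        return ("reject", f"host {host or '(none)'} does not end in .gov")
    if parts.scheme != "https":
        return ("reject", "not HTTPS")
    return ("ok", f"{host} is under .gov")


def check_notice(body):
    """Classify every http(s) link in an email body, in order of appearance."""
    return [(url, *classify_link(url)) for url in URL_RE.findall(body)]


if __name__ == "__main__":
    for url, verdict, reason in check_notice(SAMPLE_EMAIL):
        print(f"{verdict:6} {url}  ({reason})")
```

Only the first link passes. Because a link can redirect, the same check belongs on the address shown in the browser after the page loads, and a .gov suffix only confirms a US government domain, not which agency runs it.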
Common Fake Settlement Claim Red Flags
It’s hard to tell if a settlement claims website is legit just by looking at it, so what can you do to avoid a possible phishing situation? The key is to consider what kind of data the website or email requests from you, and how the settlement administrator is contacting you.
While researching for this article, I read several frequently asked questions sections on settlement claim websites. Many of the documents referenced popular techniques that scammers use to trick people. I’ll highlight some of the most common scams below.
Excessive Requests for Private Data
A scammy settlement claim form may request your full Social Security number as part of the administrative process, which is not an ask that you’d find on a legitimate claim form, even if your exposed Social Security number is the reason you can claim part of a data breach settlement. For example, during the settlement claim period following the Equifax breach in 2017, people were instructed to enter the last six digits of their Social Security number on the website to make a claim, but not their full Social Security number.
Requests for Payment
A claims or settlement administrator will never ask you to pay money while submitting a claim or to receive money as part of a settlement. If someone purporting to be a settlement administrator demands payment from you during the claim process, stop communicating with them and report the scam.
Along those same lines, a settlement administrator usually will not estimate your claim payout when you are filing the claim. That amount is determined after the claim period concludes and everything is processed.
Text Message Settlement Claim Notifications
If you received a message via SMS or on a social media platform about a potential settlement claim, block the sender and delete the message because it’s a scam. Legitimate settlement claim info is delivered via email or sometimes postcard.
Don’t Forget to Report Them
To keep other people from becoming victims, and to help authorities catch the scammers, it’s vital to report any suspicious settlement claim forms you come across. I wrote an article about how and why you should report scams earlier this year. To sum up the process, it’s as easy as contacting the FTC, filing a complaint with the Internet Crime Complaint Center, or getting in touch with the Consumer Financial Protection Bureau.
If you think you may have entered your personal information on a fake settlement claim website, read about how to get your life back after being scammed. If you want to know what scammers do with your data after they steal it, check out my article about my dark web search for information about the company that leaked my email address.
About Our Expert

Kim Key
Senior Writer, Security