Credit Score Scams — a scam that hasn’t changed about score changes

If your email address has been “harvested” by scammers, then at some point you’ll probably get an email message with a subject like “Your credit score has changed,” or “Your Equifax score has been modified” or something similar, possibly referring to Experian or TransUnion as well. From “Score Advisor” or something similar.

These scam spam messages try to get you to reveal private information. Scammers want you to click on a link in the message to “verify” your credit score. The message may include a bogus “Reference Number” and then a link to “Review And Confirm.” The message is signed by the “CreditReportingTeam” or something similar, and may include the name and address of a legitimate free-score service.

The link in the message, however, actually goes to a web page that does not match the sender’s claim and which has nothing to do with any of the legitimate credit-score services.

US News posted an article in October, 2014, “Watch Out for These Credit Score Scams” which summarized these types of scams.

Shortly after signing up to get my free credit score at one of the popular websites that offers the service, I received an email alerting me that my score had recently changed and that I should log into the site provided to check on it. Since I had recently signed up for my free score, I almost fell for the scam and followed the link, which could have compromised my personal information.

The information technology team at U.S. News reports that our company received about 140 spam messages in the last week with the words “score changes” in the subject line.

The article outlines 6 ways to protect yourself. One of the most important skills is knowing how to check the domain name in the address of any links with that of the sender’s and that of the company asserted by the sender.

Skepticism about any email regarding your credit score is a good policy. Links in such emails also can take you to web sites which may infect your computer with malware.


As a technical note, the “.com” host IP address in the (raw) complete message header can be bogus itself. Just another cyber criminal trick.