Your inbox could contain real money—or a trap. Here’s how to tell a legit settlement notice site from a data-stealing fake.
Recently, Facebook began paying out claims from 2023’s massive $725 million privacy settlement, and claim notices started going out for AT&T’s $177 million settlement, so a lot of people are checking their inboxes. Getting justice in the form of cash for your lost or stolen private data is the best outcome we can hope for in an era of near-constant data breaches, but there may be other, far more insidious offers lurking in your inbox. After all, online scammers are always looking for a payday, and it’s incredibly easy to whip up fake settlement claim emails and websites designed to steal your private data, like your email address, social security number, or banking information. Unfortunately, spotting fake settlement claims isn’t always easy, but there are ways to get your money without losing everything else in the process.Can You Spot a Real Settlement Claim Site?
The problem is, websites for settlement claims tend to look a bit.sketchy, don’t they? The sites usually have a plain background, a non-descript header, a very suspicious-looking URL, and request fairly benign information up front, such as the settlement claim number you received on a postcard or in your inbox. For example, look at the websites in the screenshots below. Which of these sites looks like a legitimate settlement claims website?Settlement Claim A:Settlement Claim B:Settlement Claim C:
If you answered option B, congratulations—you have identified a genuine settlement claims website. If you answered A or C, I’m sorry for deceiving you.
It took me less than five minutes to create the fake websites in the screenshots above using Google’s Gemini chatbot. I don’t mean that the chatbot just generated the images, either. Gemini generated code for two websites in less time than it would take me to give away my personal information on an AI-generated phishing website. If I can do it, a scammer can do it too.
I should note, however, that when I asked Gemini to build me a site that would siphon private data, such as a person’s social security number or bank account details, the chatbot firmly shut down my request and delivered a thorough explanation of phishing. I commend Google for putting these guardrails into their product, though I imagine that, with a little time and effort, an online scammer could find a way to coax another AI chatbot to create a similar-looking website that gathers users’ private data.
