Sometimes, data breaches result in more than just free credit monitoring. Recently, Facebook began paying out its $725 million settlement, and AT&T is preparing to distribute $177 million. Those payouts caught scammers’ attention.

Now, fake settlement claim emails and websites are flooding inboxes. They look convincing, but behind the plain design and official-sounding language is a trap for your Social Security number, banking info and more. So how can you make sure you get your money without losing even more in the process?

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

TOP 5 OVERPAYMENT SCAMS TO AVOID

Why fake settlement sites are so convincing

Settlement claim websites rarely look polished. Most have generic layouts, long URLs and simple forms asking for a claim ID from your email or postcard. That makes it easy for scammers to mimic them. To test how simple it is, we created a fake settlement site (below) in minutes using AI tools like ChatGPT.

If we can do it, you can bet criminals are already exploiting the same shortcuts. Facebook has been the target. A fake site once popped up around the Equifax settlement, tricking thousands before it was shut down. The lesson? If the site appears unusual, it doesn’t necessarily mean it’s fake, but it should prompt you to double-check before entering your details or clicking on any links.

Red flags that expose fake settlement sites

Spotting a scam often comes down to noticing the little details. Watch for these common warning signs before you hand over your information.

Requests for too much personal data

If a site asks for your full Social Security number or the names of your children, stop. For example, the official Equifax settlement only requested the last six digits of SSNs. Genuine claim sites may ask for limited info (like the last four digits of your SSN), but they rarely demand complete Social Security or bank details.

Promises of payout estimates upfront

Real administrators calculate payments only after the claim period closes.

Texts or social media messages

Settlements are announced by mail or email, not through random DMs or SMS.

Fraud can be found with red flags like odd URLs, urgent countdowns, or fee requests (Kurt “CyberGuy” Knutsson)

Odd or misspelled URLs

Even one extra letter in the web address is a sign of a spoof site. Legitimate settlements use official or clearly named administrator domains. Be wary of addresses with unusual add-ons, such as “secure-pay” or “claims-pay.”

Urgent language or countdowns

Scammers rely on urgency to pressure you into acting fast. Real settlement sites don’t demand 24-hour turnarounds.

Processing fee checkboxes

A sure giveaway of a fake. Real settlement administrators never require money to file or to receive your payout.

Cheap trust badges

Scam sites often throw in fake “secure” seals. Look for recognized security seals and make sure they’re clickable and verifiable.

Generic contact info tied to the suspicious domain

Official sites list multiple, verifiable contacts. If the email or phone number matches the weird domain, that’s a red flag.

Grammar or spelling mistakes in the fine print

Sloppy errors in legal-sounding text are a classic sign you’re looking at a scam.

Start with official FTC links or mailed notices to file claims safely (Kurt “CyberGuy” Knutsson)

How to safely handle settlement claim notices

Before filing any claim, follow these steps to ensure you’re dealing with a legitimate settlement site and protecting your information.

1) Start at the FTC

The Federal Trade Commission keeps updated lists of approved class action settlements at ftc.gov/enforcement/refunds. The legitimate links always point to a .gov website. If your email sends you elsewhere, treat it with caution. 

2) Cross-check with other resources

Trusted outlets often cover large settlements and include safe links. ClassAction.org is another resource for checking legitimate URLs.

3) Skip the links, use the mail

Your claim notice may include a mailing address. Sending a paper form avoids the digital phishing minefield altogether.

4) Use strong antivirus software

Strong antivirus software can block malicious links, warn you about dangerous websites and prevent malware from taking over your device.

The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

HOW RETIREES CAN STOP FAKE DEBT COLLECTOR SCAMS

5) Try a data removal service

Data removal services work to scrub your personal information from broker lists, making it more difficult for criminals to target you.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

6) Never pay to file

If a site asks for “administrative fees” or a “processing charge,” close it immediately. Real settlement administrators will never ask for money.

7) Report suspicious sites

Spot a fake? Protect others by reporting it to:

• The FTC Complaint Assistant at reportfraud.ftc.gov/
• The Internet Crime Complaint Center (IC3) at ic3.gov/
• The Consumer Financial Protection Bureau (CFPB) at consumerfinance.gov/about-us/the-bureau/

Quick reporting helps authorities shut down scams before more people fall victim.

Can you tell a real email from a fake?

Take our quick quiz at Cyberguy.com/ScamCheck to learn how to spot phishing scams, protect your inbox, and stay a step ahead of hackers. 

Kurt’s key takeaways

Class action settlements can feel like rare wins for consumers after data breaches. But scammers see them as easy hunting grounds. The best defense is skepticism. Check URLs, avoid clicking direct links and never give away details that don’t match the claim’s purpose. Your payout should help you recover, not put you at greater risk.

Have you ever received a settlement notice that felt suspicious, and how did you handle it? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

CLICK HERE TO GET THE FOX NEWS APP

Copyright 2025 CyberGuy.com.  All rights reserved.