We learn in email 101 that hyperlinks from unfamiliar senders are breeding grounds for scams. Microsoft has warned against clicking on foreign links for decades. The Federal Trade Commission (FTC) has repeatedly cautioned Americans to be wary of malware and phishing expeditions. Last year, the Federal Communications Commission (FCC) alerted consumers to a new cyber threat it dubbed “smishing”—targeting consumers with deceptive text, or SMS, messages—and urged consumers to “never click links, reply to text messages or call numbers you don’t recognize.”
WIRED OPINION
ABOUT
David Vladeck was the Director of the Federal Trade Commission’s Bureau of Consumer Protection from 2009 to 2012 and is currently the A.B. Chettle, Jr., Chair in Civil Procedure at Georgetown Law School. He sits on the Board of Directors of the National Consumer Law Center.
The Consumer Financial Protection Bureau apparently skipped these lessons. Despite many warnings, the CFPB has proposed a rule that could require consumers to click on hyperlinks in unfamiliar emails. The proposal allows debt collectors to deliver important information about a debt and a consumer’s rights via links in text messages and emails—without first obtaining consent to electronic communications, as is normally required under federal law.
Debt collectors are required to send a “validation notice” that tells a consumer when a debt has been placed in collection and that the consumer has the right to get information to be able to verify or dispute it. When Congress enacted the Fair Debt Collection Practices Act in 1977, it considered the validation notice critical to minimizing mistaken identity and errors on the amount or existence of a debt.
The risk of collectors going after the wrong person or wrong amount is much greater today. Since 1977, a new industry has bloomed: debt buying. As director of the FTC’s Bureau of Consumer Protection, I initiated a 2013 study that found nine of the largest debt buyers alone collectively held a debt of $143 billion from more than 90 million consumers. (As of 2017, two of the largest debt buyers, Encore Capital Group and Portfolio Recovery Associates, held a combined debt of $17.6 billion, about the GDP of Iceland.) Debt buyers sell and resell debts for years on end, typically without account records verifying that the debts are accurate, making the validation notice even more essential. Without one, a consumer won’t be told how to dispute a debt, and may be harassed for a debt she does not owe. According to an analysis of the CFPB’s complaint database, 44 percent of complaints against debt collectors concern attempts to collect a debt that the complainant does not owe. Worse yet, the collector could report the debt to credit reporting agencies, damaging the person’s credit, or even bring suit.
Today, debt collectors are obligated to send validations notices by mail unless the consumer consents to electronic communications. Giving consumers a choice makes sense. But the CFPB’s proposal would permit debt collectors, in some cases, to email or text a validation notice through a hyperlink that a consumer would have to click on to see without first getting consent. That is a terrible idea. Consumers are unlikely to recognize the debt collector’s name or feel comfortable clicking on a hyperlink when an unfamiliar email or text arrives. That’s true even if the creditor had already sent the consumer a fine print notice with the debt collector’s name and the right to opt out of hyperlinks, as the CFPB proposes.
Encouraging use of hyperlinks by unknown parties undermines government warnings about the risks of doing so and exposes consumers to criminal exploitation. Scammers pushing links with viruses, malware, and identity theft scammers are almost certain to impersonate debt collectors. Consumers will face a catch-22: Click and risk a virus or a scam, or don’t click and miss potentially legitimate information about why a debt collector is going after you and how to dispute the debt. Work computers could also be infected.
That’s still not the worst of the CFPB’s proposal. It also encourages emails and texts from collectors with no set limits. People could opt out, but the proposal does not specify how, and collectors might require an inconvenient method. Consumers should have a right to simply reply “stop.”
The National Consumer Law Center has highlighted a number of other problems–including for employers and businesses. The CFPB would allow collectors to ring you repeatedly, protect collection attorneys who make false statements in court submissions, permit privacy violations, and encourage collectors to pursue debts after the deadline for a lawsuit, even though the FTC has long taken the position that doing so often deceives consumers and can violate the law.
Members of the public have a chance to tell the CFPB what they think about the proposal until September 18. Debt collectors have long been at the top of the complaints received by both the FTC and the CFPB. The CFPB has a chance to change that trend by enacting a rule that protects consumers, not abusive debt collectors. Tell them to get it right.
WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here. Submit an op-ed at opinion@wired.com.
More Great WIRED Stories
- Upstart crossword puzzle builders get their point across
- The weird, dark history of 8chan and its founder
- How a 6,000-year-old dog cancer spread around the world
- This startup wants to tame the chaos of city street parking
- Ugly or not? The housing blocks Communism left behind
- 👁 Facial recognition is suddenly everywhere. Should you worry? Plus, read the latest news on artificial intelligence
- 💻 Upgrade your work game with our Gear team’s favorite laptops, keyboards, typing alternatives, and noise-canceling headphones