Cybercriminals have already created over 50 fake websites in an effort to steal the identities and personal information of US parents set to receive their first child tax credit payments this month.
According to a new report from the cybersecurity firm DomainTools, scammers immediately saw an opportunity when US President Biden signed the American Rescue Plan into law back in March. As part of the plan, parents with children five years or younger will receive checks for $3,600 while those with children between the ages of 6-17 will receive $3,000.
Unbeknownst to many parents, these funds will arrive in their accounts automatically as they're being sent out by the IRS and unlike with last year's stimulus checks, there is no need to manually enroll in the program. However, this hasn't stopped struggling parents from trying to enroll in the program online and this presented the perfect opportunity for scammers.
- We've put together a list of the best website builders available
- These are the best web hosting services on the market
- Also check out our roundup of the best DDoS protection
The fake sites discovered by DomainTools mimic the look and feel of legitimate government websites with catchy names such as “americanreliefplan.com” and “americanreliefcarefunds.com”. It's worth noting though that the US government would never use the top-level domain (TLD) “.com” as the “.gov” TLD is specifically reserved for government websites.
Gathering personal information
As is the case with many phishing scams, a number of these fake websites include application forms which require parents interested in enrolling in the American Rescue Plan to provide their full names, phone numbers, addresses and their mother's maiden name. In fact, some sites also asked that those applying upload a photo of their ID.
With these personal details in hand, the cybercriminals behind this scam can then commit identity theft and use victim's stolen identities to apply for loans or credit cards or even file fraudulent tax returns. As recovering from identity theft can take years and cost thousands of dollars, users need to be extra careful especially around tax season when similar scams arise each year.
DomainTools eventually tracked 41 of the fake websites back to a Nigerian web development firm named GoldenWaves. However, when The Sun reached out to the company, it said that its web hosting account had been compromised and that it was working with its web hosting providers to take down all of the fraudulent sites.
Senior security researcher at DomainTools, Chad Anderson provided further insight on this latest scam, saying:
“Credential harvesting campaigns continue to be a fruitful way for attackers to gain legitimate legal documents they can then resell or use for more sophisticated behavior. When looking for federal aid, those in need the most may not always be fully aware of how that aid is being distributed. In the case of the American Rescue Plan Act that money was coming directly from the IRS, but nonetheless unsuspecting victims could be led into uploading their identification documents to one of these sites.”
- We've also featured the best website defacement monitoring
Via The Sun
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.