Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Warning - these tax credit scam websites could steal your identity

Image Description

Cybercriminals have already created over 50 fake websites in an effort to steal the identities and personal information of US parents set to receive their first child tax credit payments this month.

According to a new report from the cybersecurity firm DomainTools, scammers immediately saw an opportunity when US President Biden signed the American Rescue Plan into law back in March. As part of the plan, parents with children five years or younger will receive checks for $3,600 while those with children between the ages of 6-17 will receive $3,000.

Unbeknownst to many parents, these funds will arrive in their accounts automatically as they're being sent out by the IRS and unlike with last year's stimulus checks, there is no need to manually enroll in the program. However, this hasn't stopped struggling parents from trying to enroll in the program online and this presented the perfect opportunity for scammers.

The fake sites discovered by DomainTools mimic the look and feel of legitimate government websites with catchy names such as “americanreliefplan.com” and “americanreliefcarefunds.com”. It's worth noting though that the US government would never use the top-level domain (TLD) “.com” as the “.gov” TLD is specifically reserved for government websites.

Gathering personal information

As is the case with many phishing scams, a number of these fake websites include application forms which require parents interested in enrolling in the American Rescue Plan to provide their full names, phone numbers, addresses and their mother's maiden name. In fact, some sites also asked that those applying upload a photo of their ID.

With these personal details in hand, the cybercriminals behind this scam can then commit identity theft and use victim's stolen identities to apply for loans or credit cards or even file fraudulent tax returns. As recovering from identity theft can take years and cost thousands of dollars, users need to be extra careful especially around tax season when similar scams arise each year.

DomainTools eventually tracked 41 of the fake websites back to a Nigerian web development firm named GoldenWaves. However, when The Sun reached out to the company, it said that its web hosting account had been compromised and that it was working with its web hosting providers to take down all of the fraudulent sites.

Senior security researcher at DomainTools, Chad Anderson provided further insight on this latest scam, saying:

“Credential harvesting campaigns continue to be a fruitful way for attackers to gain legitimate legal documents they can then resell or use for more sophisticated behavior. When looking for federal aid, those in need the most may not always be fully aware of how that aid is being distributed. In the case of the American Rescue Plan Act that money was coming directly from the IRS, but nonetheless unsuspecting victims could be led into uploading their identification documents to one of these sites.”

Via The Sun

Date

30 Jul 2021

Sources


Share


Other Blog

  • Huawei MatePad Pro 2 5G looks likely soon, and it may have 40W charging

    Huawei’s next flagship tablet is set to launch in China soon, and it may come to other countries soon after.

    Read More
  • RTX 3060, RTX 3070, RX 6800, and more in stock on Newegg Shuffle

    Newegg is offering RTX 3060, RTX 3060 Ti, RTX 3070, and RX 6800, and RX 6800 XT graphics cards through their Newegg Shuffle program for a limited time only.

    Read More
  • Russia is expecting payback cyberattacks following SolarWinds hack

    A Russian government agency warns domestic businesses to prepare for retaliatory cyberattacks in response to the SolarWinds breach.

    Read More
  • New year, new you: 5 data resolutions to help CIOs create a game-changing IT department

    Follow these tips to optimize data management in the new year.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us