Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


Warning - these tax credit scam websites could steal your identity

Image Description

Cybercriminals have already created over 50 fake websites in an effort to steal the identities and personal information of US parents set to receive their first child tax credit payments this month.

According to a new report from the cybersecurity firm DomainTools, scammers immediately saw an opportunity when US President Biden signed the American Rescue Plan into law back in March. As part of the plan, parents with children five years or younger will receive checks for $3,600 while those with children between the ages of 6-17 will receive $3,000.

Unbeknownst to many parents, these funds will arrive in their accounts automatically as they're being sent out by the IRS and unlike with last year's stimulus checks, there is no need to manually enroll in the program. However, this hasn't stopped struggling parents from trying to enroll in the program online and this presented the perfect opportunity for scammers.

The fake sites discovered by DomainTools mimic the look and feel of legitimate government websites with catchy names such as “” and “”. It's worth noting though that the US government would never use the top-level domain (TLD) “.com” as the “.gov” TLD is specifically reserved for government websites.

Gathering personal information

As is the case with many phishing scams, a number of these fake websites include application forms which require parents interested in enrolling in the American Rescue Plan to provide their full names, phone numbers, addresses and their mother's maiden name. In fact, some sites also asked that those applying upload a photo of their ID.

With these personal details in hand, the cybercriminals behind this scam can then commit identity theft and use victim's stolen identities to apply for loans or credit cards or even file fraudulent tax returns. As recovering from identity theft can take years and cost thousands of dollars, users need to be extra careful especially around tax season when similar scams arise each year.

DomainTools eventually tracked 41 of the fake websites back to a Nigerian web development firm named GoldenWaves. However, when The Sun reached out to the company, it said that its web hosting account had been compromised and that it was working with its web hosting providers to take down all of the fraudulent sites.

Senior security researcher at DomainTools, Chad Anderson provided further insight on this latest scam, saying:

“Credential harvesting campaigns continue to be a fruitful way for attackers to gain legitimate legal documents they can then resell or use for more sophisticated behavior. When looking for federal aid, those in need the most may not always be fully aware of how that aid is being distributed. In the case of the American Rescue Plan Act that money was coming directly from the IRS, but nonetheless unsuspecting victims could be led into uploading their identification documents to one of these sites.”

Via The Sun


30 Jul 2021



Other Blog

  • Dispelling three popular myths about AI

    We spoke to EY about what organizations should consider when implementing an AI strategy.

    Read More
  • RTX 3080 Super and RTX 3070 Super laptop GPUs might have just leaked

    A Lenovo laptop roadmap indicates that the company expects to see new RTX 3080 Super and RTX 3070 Super GPUs soon.

    Read More
  • The best Ultrabooks of 2020 in the Middle East: top thin and light laptops reviewed

    We've put together a definitive list of the best thin and light Windows laptops in the UAE, Saudi Arabia, Kuwait, Bahrain, Qatar and Oman.

    Read More
  • This is the best Black Friday deal we've seen on the new Macbook Air

    Get £100 off the new Apple MacBook Air (M1, 2020) with this Black Friday deal from Western Computers.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us