Cybercriminals have already created over 50 fake websites in an effort to steal the identities and personal information of US parents set to receive their first child tax credit payments this month.
According to a new report from the cybersecurity firm DomainTools, scammers immediately saw an opportunity when US President Biden signed the American Rescue Plan into law back in March. As part of the plan, parents with children five years or younger will receive checks for $3,600, while those with children between the ages of 6 and 17 will receive $3,000.
Unbeknownst to many parents, these funds will arrive in their accounts automatically because the IRS is sending them out and, unlike with last year’s stimulus checks, there is no need to manually enroll in the program. However, this hasn’t stopped struggling parents from trying to enroll online, which presented the perfect opportunity for scammers.
The fake sites discovered by DomainTools mimic the look and feel of legitimate government websites, with catchy names such as “americanreliefplan.com” and “americanreliefcarefunds.com”. It’s worth noting, though, that the US government would never use the “.com” top-level domain (TLD), as the “.gov” TLD is specifically reserved for government websites.
Gathering personal information
As is the case with many phishing scams, a number of these fake websites include application forms which require parents interested in enrolling in the American Rescue Plan to provide their full names, phone numbers, addresses and their mother’s maiden name. In fact, some sites also asked that those applying upload a photo of their ID.
With these personal details in hand, the cybercriminals behind this scam can then commit identity theft and use victims’ stolen identities to apply for loans or credit cards or even file fraudulent tax returns. As recovering from identity theft can take years and cost thousands of dollars, users need to be extra careful, especially around tax season, when similar scams arise each year.
DomainTools eventually tracked 41 of the fake websites back to a Nigerian web development firm named GoldenWaves. However, when The Sun reached out to the company, it said that its web hosting account had been compromised and that it was working with its web hosting providers to take down all of the fraudulent sites.
Chad Anderson, senior security researcher at DomainTools, provided further insight on this latest scam, saying:
“Credential harvesting campaigns continue to be a fruitful way for attackers to gain legitimate legal documents they can then resell or use for more sophisticated behavior. When looking for federal aid, those in need the most may not always be fully aware of how that aid is being distributed. In the case of the American Rescue Plan Act that money was coming directly from the IRS, but nonetheless unsuspecting victims could be led into uploading their identification documents to one of these sites.”
Via The Sun