Since the US government announced that citizens who make less than $75K would receive $1,200 checks, we have found that there have been 673 newly registered domains related to the $2T stimulus package.
Unlike the domains spoofing the U.S. Census that we discovered earlier this month, these URLs aren’t intended to mimic official government websites. Rather, these domains have been set up to take advantage of the stimulus package, using common questions or key words to lure users in such as whereismystimuluscheck.com or covid-19-stimulus.com.
When we looked at the newly registered domains more closely, we found that nearly half of the newly registered domains hosted websites offer the following services:
We also found that 7% of these spoofed domains were spam websites, with no clear call to action.
With hackers capitalizing on this global health crisis to launch targeted phishing scams, people need to be mindful of what information they share on these sites.
The thing is that cybercriminals will always follow the money, looking for ways to take advantage of the fact people will be seeking more information or guidance on the stimulus package. Although not every domain registered in the last month may be malicious, it’s possible that these websites offering consulting and business loans could be set up to trick people into sharing money or personal information.
Our advice? Always check the URL of the domain and verify the legitimacy of the service by calling them directly before taking action.
It’s also important to consider what data you are being asked to share via websites offering calculators or status checks, and what the websites offer after you have taken an action. Cybercriminals could use the information you shared to craft targeted phishing emails that include the ‘results’ of your assessment, tricking you to click on malicious links with the intention of stealing money, credentials or installing malware onto your device.
Earlier this week, the IRS launched a new online resource for citizens to check on their payment status. We anticipate that even more URLs will crop up as a result of this.