These fake US government sites will just steal your data

Avast cybersecurity
(Image credit: Avast)

The FBI has issued an advisory cautioning people against the prevalence of fake websites that spoof unemployment benefits websites in an attempt to harvest personal and financial information.

According to the bureau, the fake websites do a good enough job to pass casual scrutiny, and use the phished details to claim unemployment benefits on behalf of their victims.

“Cyber criminals have created these spoofed websites to collect personal and financial data from US victims. These spoofed websites imitate the appearance of and can be easily mistaken for legitimate websites offering unemployment benefits,” cautiones the FBI through its advisory.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

In its advisory, the FBI notes that it has identified some 385 domains that are all hosted by the same IP address. Seven these it believes impersonate government domains pertaining to unemployment benefits 

Gateway to scams

The FBI’s intention with the advisory is to spread awareness about these scams. To help users protect themselves, the advisory unravels the ploys typically employed by such fake websites.

The tricks work because cybercriminals very tactfully register website domain names and email addresses that appear quite similar to those of legitimate ones. 

In the instance of faking websites that facilitate the processing of unemployment benefits, the FBI notes that the threat actors often rely on minor misspelling of words in the domain name, and even replace the top-level domain (TLD), such as .gov with .xyz.  

Once tricked, the users are further lured into the scam thanks to the carefully crafted website, before eventually prompting users to share their sensitive personal and financial information.

“Cyber actors use this information to redirect unemployment benefits, harvest user credentials, collect personally identifiable information, and infect victim's devices with malware. In addition to a loss of benefits, victims of this activity can suffer a range of additional consequences, including ransomware infection and identity theft,” warns the FBI.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.