An elaborate scam used the domain DebtCredit.US to generate thousands of dollars in unlawful IRS refunds, then used a phony debt collection agency to seek their “return.”
According to Krebs On Security, the method that these cybercriminals use, works like this:
Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”
In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.
Krebs On Security identified the same content on the domain JCDebt.com, registered just three weeks ago, according to DomainTools. The WHOIS information is bogus and it’s hosted on Dutch servers – presumably to avoid any shutdown notices or other action from US authorities.
Domain investors expecting a hefty refund this tax season, be very wary about incoming calls proclaiming to belong to tax collectors, the IRS or any other federal agency.
We ran a report against the scammer’s email address, WHOIS-PROTECT@HOTMAIL.COM and it returned the following domains, all of them registered under a Chinese individual’s name. Many thanks to DomainTools for providing a valuable domain research tool that can assist with combating cybercrime.
118enquiries.com
247trusteddrugstore.com
4thechelon.top
aanvraag-iban.com
aanvraag-iban.info
abnamro.xyz
abnamrobank.top
abnamto.com
accwb.org
activationprocess.info
activeren.info
actualizacionesmoviles.co
actualizacionmovil.co
ad-service-google.com
adibena.info
adl4yq4thh.com
admin-check.win
adminopanelo.top
advantagetaxrelief.com
advertcloudsend.com
afp-gov-au.com
aglenergyonline.com
aglieshippingcompany.com
airjonlineshop.com
airpurifiers-review.com
ajoutletshoponline.com
all-realtors.com
allrulesapply.com
alovsmtx.net
alphacontinentalgroup.com
amazing-cloudpng.com
amazonaccountstatus.com
amazonaccountstatus.info
amazonrecoveryprogram.com
americanmeds247.com
amex-psk.org
amexsafetykey.org
angrybirdsnew.top
another-day.info
apksecurityservices.com
aplodosanto.ltd
applerecoveryprogram.com
applerecoveryprogram.top
apps-myob.com
apps-myob.org
asic-au-gov.com
asic-gov-au.com
asic-government-au.com
asic-mail-gov-au.com
asic-message-gov-au.com
asic-notification-gov.com
asic-online.net
asica.biz
asicsa.net
asicsau.com
asicsaustralia.biz
asicsoutlet.org
askwhitepapper.com
atlanticfinanceltd.com
ato-gov-au.net
au-ac.com
au-imperialone.com
audig.org
audioandvideoshop.win
augovn.com
auide.com
aussiepay.co
austgov.com
austr.net
australianenergysolutions.com
australiangovernement.com
australiangovernments.com
autozabiconsignment.com
autsl.com
auwae.org
aviraantispam.com
avoplesa.co
axpqc.net
babspifbab.com
bank-operativebank.com
bankieren-rabobank.com
bankieren-rabobank.info
barcalys-offers-online.com
basicgov.net
bear-sortear.top
berenicado.top
bererez.top
bestasidax.site
bestbinconsult.top
betaal-verzoekje.com
betaalverzoekjes.com
bezdelnik.top
bilibins.net
bill-swisscom.com
binjis.com
blink2home.com
blockchadn.info
blockchafin.info
blockchafln.info
blockchalhn.info
blockchalnt.info
blockchaltn.info
blockchatin.info
blockchdlin.info
blockchdln.info
blockchfain.info
blockchgain.info
blockchgein.info
blockcholn.info
blockchqjn.info
blockclhalm.info
blockclhoin.info
blockclhqin.info
blocklbain.info
bloclkchaln.info
bloclkchqin.info
blokchaim.com
blokchainm.info
blokchalm.com
blokchalm.info
blokchalnm.info
blokcheim.info
blokchgain.info
blokclbain.info
blokclhalm.info
blokclhaln.info
blokochain.info
bmo-ca.com
bnetc.com
bnpinvestments.net
boboincat.top
bonda.top
borfedoram.top
bountyeth.com
brewaeron.cc
bromelax.com
bt-europe.com
bt1.biz
btcencrypt.top
btconnect.biz
btconnect.info
btcproff.top
btdnet.com
btglobalbiz.com
btmcontent.com
btsdl.org
btsgl.com
bttconnect.com
bungesec.com
business-santander.com
businessdirs.com
ca-cgi-bin-28269-www-costco.com
ca-membre-31861-www-costco.com
ca-page-18350-www-costco.com
ca-session-41860-www-costco.com
cabokerlskoka.net
canadapost-packagecenter.com
cdnkerkobona.com
cemovikaron.ltd
cerdecmark.com
cerdilaz.co
certificate-637-9270.com
certnum.com
chase-online-verify.com
cikjdyfuelfkermf.net
citylinkres.com
cityoflight.info
classbtc.top
clipoststats.com
cloudflilaror.com
cloudfraled.com
cloudgooglepng.info
cloudstatic-protect.com
cloudstatpng.info
cmaill.com
cmdsecurity.xyz
cofoncorporatmif.top
cofonderot.top
com-1826-interac.com
com-2017-17534-flash.com
com-2945-interac.com
com-3657-interac.com
com-accweb-30373-www-desjardins.com
com-accweb-319535-www-desjardins.com
com-accweb-38542-www-desjardins.com
com-bradangelina74352-pornhub.com
com-id-20543-www-bmo.com
com-id-219454-www-bmo.com
com-id-27346-www-bmo.com
com-membre-41308-www-desjardins.com
com-membre-48276-www-desjardins.com
com-membre-484216-www-desjardins.com
com-page-1056-www-desjardins.com
com-page-134185-www-scotiabank.com
com-page-13784-accesd-desjardins.com
com-page-138642-www-bmo.com
com-page-17435-www-bmo.com
com-page-18563-www-bmo.com
com-page-193464-accesd-desjardins.com
com-page-19853-accesd-desjardins.com
com-page-2195-www-desjardins.com
com-page-21965-www-desjardins.com
com-page-234526-www-scotiabank.com
com-page-27540-www-desjardins.com
com-page-292345-www-desjardins.com
com-page-388465-www-scotiabank.com
com-page-434552-www-scotiabank.com
com-signin-348349-www-bmo.com
com-signin-37296-www-bmo.com
comdirect-online.com
comdirect-service.com
comdirect-sicherheit.com
commerzkundesicherheit.com
companieshousedr.com
companieshousegateway.com
companieshousesearch.com
compotrabla.com
connectssl.com
contenrackspace.info
coolashorenokq.com
cooperative-online-check.com
copucon.co
couriefonts.com
courierregularpdf.com
cpaaustraliaa.com
cryptbinary.top
cryptconsult.top
cryptosystem.top
custom-notifications.com
cwebu.com
data-ui.cc
datadirectory.org
dcgate.net
ddconnections.org
defaultbymail.com
dhl4.com
dibersako.top
digerdotor.com
direbotraco.top
diresofix.top
discountiphones.info
dobersiva.top
docs-sign.com
documentiinformazione.top
documentmanagementworkflow.com
docusign-australia.com
docusign-crm.com
docusign-net.com
docusigna.net
docusigne.net
docusigner.org
docusignsolution.com
dodofantisoda.ltd
dolkespore.top
domerporenta.com
dompledoraxo.ltd
dopersano.com
dopkrolista.info
doplesom.win
doplesonga.top
dopneforta.win
dopresomnago.ltd
dormefolt.top
dorpoclezia.top
dpduk.com
dreamlancet.com
dreamshmicer.net
dropbox-eu.com
dropboxa.com
dropboxbusiness.co
dropboxes.org
dropboxpc.com
dropboxsharing.com
dropboxsmarter.com
drvenergy.com
dsplocw.com
duerswaqopa.top
dxjcompany.com
dynamark-ncoa.com
e-intuit.com
easyservicereminder.com
ebayexprees.com
edfenergy-b2c.com
efax-net.com
efaxplus.com
egniceron.com
eksender.com
energy94.com
energyagent.net
energyau.com
energybrandlab.com
energyestore.com
energygce.com
energygroupinternational.biz
energyx5.com
enigma-tokens.co
enterprisebusinesscenter.com
evux.ws
exobot.ws
expert-mails.com
facedook1.info
fantasifier.com
farbrass.co
farcipa.co
fareasy.co
farforta.co
fargrettel.co
farhenzel.co
farkopa.co
farleta.co
farleza.co
farliza.co
farmarco.co
farmiga.co
farmona.co
farnafnaf.co
farnifnif.co
farnufnuf.co
farpansa.co
farpolo.co
farsancho.co
farsonka.co
fartarta.co
fartinto.co
fartora.co
fasttrade.top
fateliamail.com
fax-swisscom.com
fax4business.com
faxeb.com
faxing2.com
faxpak.net
faxring.com
faxto.info
federalgovernmentaustralia.com
fenixknow.info
feverge.xyz
ffl-check.cc
ffx2.net
ffxivs.com
fiferexitsam.top
financesearching.com
financialaccountant.info
findyoumoney.top
findyourmoney.top
fiskautoconsignor.com
flash-foe-update.win
flash-ire-update.win
flash-new-update.info
flash-old-update.top
flash-ome-update.win
flash-one-eupdatee.top
flash-one-eupdatte.top
flash-one-update.top
flash-one-update.win
flash-onenew-update.info
flash-ooe-update.win
flash-ore-update.win
flash-oue-update.top
flash-owe-update.win
flash-oxe-update.win
flash-oye-update.win
flash-playernewupdate.info
flash-toe-update.win
flash-woe-update.win
flash-yoe-update.win
flashnew-update.info
flashplayernew-update.info
flexxautoconsignment.com
fodregompo.top
fogerno.co
fokrifoxdelete.cc
folowmoney.top
fondowakan.top
fonedronto.top
foolermarkus.top
foplache.co
forartos.co
fordata.co
forduo.co
forenterano.top
forest-house.ltd
forlevis.co
formaadam.co
formaeva.co
formeast.co
formnorth.co
formono.co
formsolfed.co
formsonat.co
formsouth.co
formwest.co
fornedopla.top
forquadro.co
fortamoldara.ltd
fortria.co
fortuma.co
fotoalbum.top
foxtel.biz
freecloudscript.pw
freefaxservice.org
fsaccount.com
furyroad.cc
gamerduba.win
gate-inbound-efax.com
gatewayssystem.com
gemendoloma.top
get-adobe.top
getfontskerwoqa.info
getfontsqepodas.info
getoff.top
gifedreszano.top
glamradarmagazine.com
global-intuit.com
globalenergyfinance.com
goalkutoffsa.top
gocrypt.top
goglosmmosss.com
gonotrapis.com
goodmailsolution.com
goomezxooreged.net
gooretoksadji.net
gorexamndalis.net
gorodofanosa.ltd
gov-invoices.info
gov-reports.com
govbb.com
goverdake.com
government-securities.com
governmentconnect.org
governmentforms.org
governmentgateway.org
goviago.com
govian.org
goviau.co
govmc.org
govsec.biz
grekorimskiiiu.top
greoplan.win
handerope.top
hasdukfernando.biz
henerziba.com
herdoband.top
hiverdoveg.com
hmrc-update.info
hmrc.ltd
hobbytel.com
hohendopra.com
hollandtesting.info
homerbongasi.com
homerodka.top
homorhabu.com
hontorbam.top
hovercloudcompany.com
hsbcbank.top
hybridcloude.win
i-express-delivery.com
i-isupport.info
iban-naam-check.com
ic-canada.com
ics-valideren.info
icscards-inloggen.info
icscards-valideren.info
idevice-help.info
idevice-isupport.info
iexpressco.com
ilost-idevice.com
image-cdn.info
imaterona.com
inbound-efax-uk.com
inbound-efax.com
inboundcop.com
inc-r.com
ing-update.info
ingaservices.com
inlog-bankieren.com
inlog-bankieren.info
inlog-portaal.com
inlog-portal.com
inncryp.top
intaras.com
intaset.com
intelts.com
intergov.net
internationalfax.org
interprojects.net
intetel.com
intuite.co
intuite.org
intuito.biz
intuitrx.com
intuitws.com
invoice-box.net
invoice-boxes.com
invoice-boxes.net
invoice-cent.net
invoice-letter.net
invoice-mass.net
invoice-money.com
invoice-next.net
invoice-regard.com
invoice-tech.com
invoicemail.net
invoiceservise.com
ivermoney.top
jcdebt.com
johnsystems.info
kbc-bank.info
kogofonadora.ltd
kolorquick.com
kolpendofalof.ltd
koppelingbeheer.info
koppelingverificatie.info
kotonmbana.top
kryptische.top
labermail.com
lamba.top
lancedowning.com
last-case.com
last-resort.info
lekapopamota.top
leonsoftwares.info
liberas.top
liknedspeach.com
linkashare.com
linkshare.biz
linksharesite.com
linktoshare.org
livefax.info
llsecurityon1024bit.com
localmonero.top
login-nl.info
login-portal.com
login-portal.info
losyork.top
lovetffashionsotre.com
loveyezzynewversion.com
luxfaberkompanyd.net
lvonlineoutletworld.com
lvworldonline.com
mackdonatap.com
mafines.co
mafusail.co
mail-6.com
mail-asic-government-au.com
mail2marketing.com
mailbatumi.org
mailgateway-asic.com
mailupg.info
mandovandoga.net
marigas.win
mariusa.top
marketgomezplay.com
masterserver.top
megamonsterpizza.com
melanicooper.net
melanirotshid.net
memae.co
memel.info
message-efax.com
metoiran.com
metrobank-login.co
metrofax.info
micropud.info
mijn-account.com
mijn-inlog.com
mijn-inloggen.com
mijn-portaal.com
mijn-portal.com
mijning-activeren.info
mijnportaalbeheer.info
mitelinaris.top
moberdance.com
modelavoga.com
moderapona.info
modergoba.co
modreganto.top
mogendorama.top
momavefs.co
momdopre.top
momdroca.info
momeloato.com
momenrobla.top
momerdovan.top
momorolana.site
monbega.info
monderola.top
monerabis.top
mongevag.info
mongovaca.top
mongovaca.win
moonstatic.com
moperduble.com
mophloma.info
mopledora.win
mopledorga.top
mopledorissa.ltd
mopodaris.top
moprledolassa.ltd
moredolsan.win
morenopalisa.top
mortobravis.top
mosello.info
moserona.co
mosirago.ws
mottersomati.top
moxendroma.win
msrtroniles.top
mutim.top
my-icloud.info
mybtchunter.com
myethelrwallet.com
myetherwallet.top
myetherwalletfork.top
myetherwlallet.com
myethlerwallet.com
myob-online.com
myob360.com
myobaustralia.org
myobcenter.com
myobemail.com
myobexpress.com
myobnetwork.com
myobwiz.com
myquickr.com
naamcheck.com
natwest-rapport.com
nesiron.co
netflix-account.top
networkglobalhover.com
newconsulting.top
newcrypt.top
newdynamicservice.co
newstorealign.com
newsystembtc.top
nextbinary.top
ninocrobada.com
nodertoma.top
nodwyerpartners.com
nokatun.top
nonedoras.com
nonedrola.com
nonudoka.top
nopodrifta.com
notification-intuit.com
notification-intuit.org
notificationcenter.net
notificationsystem.org
nowinvesting.top
ojzasduqnwdwdqdqd.com
omgevingsruimte.com
omgevingsruimte.info
oncofonderot.top
onepageadvert.net
online-bankieren.com
online-quickbooks.com
online-quickbooks.net
onlinereminder.net
ontrealk.com
open-e-mail.com
operativka.top
orcmkllc.com
org-messages.com
organizationscolors.com
originofenergy.net
outopensslshall.com
paupal.info
payattention.info
payonattention.com
paypa.info
payrollworkflow.com
pifrola.info
piperdofalica.ltd
pirogamail.com
plusmoney.top
poldosigle.top
popelenga.info
portaalbeheer.info
post-xero.org
postbank-kundennummer43.com
postbank-kundennummerfinnaz.com
postnlgemist.com
postnlgemist.info
postnltrackentrace.com
postnltrackentrace.info
povrega.pw
power-gt.com
poypa1.info
privateshop-mailing.net
prointuitquickbooks.com
protect-googleplus.com
protecteth.com
provider-telecom.com
qbaccountants.net
qbo-intuit.org
qnpgateway.com
quickbook-accounting.com
quickbook-pro.com
quickbooks-intuit-uk.com
quickbooks-intuit.org
quickbooks-online.net
quickbooks-pro.org
quickbooks-support.biz
quickbooksonlineaccounting.com
quickbooksonloine.com
quickbooksproducts.com
quickddx.com
qwdoimgnujaidgunqwdqd.com
qwdqundhaasdqwez.com
rabo-aanvraag.com
rabo-bankieren.com
rabo-betaalverzoek.com
raboaanvraag.com
raboaanvraag.info
raboverzoek.com
raboverzoek.info
radobank.com
rafertozaga.com
ramelograna.com
ravelag.com
reblogadis.com
receipt-bank-service.com
receiveinternetfax.com
reckon-au.com
reckon.online
reckonfx.com
relishau.com
remarkerspot.com
riamoneyplus.com
ringcell.org
ringtonecentral.net
rnyetherwlallet.com
rogendorada.bid
roundcubewebmailexpress.com
rsadst.net
rt-freedns.org
ru-id45867957547.com
ru-security-service.info
run-swim-fly.com
s1email.com
saberstat.top
safereship.com
sage-50.org
sage-cl.com
sage-one.net
sage-uk.org
sage50.net
sageact.org
sageb.net
sageim.com
sagenoe.com
sages.biz
sagetop.com
sagittasrl.top
salselieza.com
samuplodron.info
sanalitics.com
santander-business.com
sapurtak.bid
saxzodra.top
screwfix-uk.com
secpay.org
secrect.info
secure-file-download.com
secure-id60.com
secureanalitics.co
secureanalitics.com
security-hsbc.site
seliopna.co
septimodus.com
servicebying.com
serviceguard-sicherungid.info
services-ebaygifts.com
setconfise.pw
setersin.com
setikocloud.com
setinfoco.com
setinifos.pw
setinofis.pw
sfpays.org
ship4mepls.info
shipping-control.com
sillyjokers.com
sitemapservice.com
skoiuagogwwkccoc.org
smebusinesslink.com
smokyhousehold.top
smrtgte.com
sobontapk.top
sofpolokatos.top
softwaredm.com
sokoprano.top
solomonjumping99.top
sondomax.co
sondoxana.top
sonfidoplexov.ltd
sontomoria.top
sonvodreiga.top
sopcofranda.top
sopelnas.co
sopledrac.info
soprekolon.top
sorondalta.com
sparkassesicherheit.com
spectrumpc.cc
srebrabina.com
ssl-sertificateconnect.com
sslstats.info
sslstatsita.info
sslstatsital.info
sso-tele2.com
stackryus.com
startingplacecompany.com
statscdndev.com
stmanagerfirstship.com
stpackagesmgrs.info
stshippingfirst.com
swisscom-mailgate.com
swissemailservice.co
syrenergy.com
systembtc.top
talktalksupport.com
targetinvest.top
targetmarketingcloud.net
teedunulut.top
telestrasystems.com
telstraq.com
tera-gaming.top
testtesting.info
tfjewelryoutlet.com
thefaxbook.com
thenopath.com
thereminderassistant.com
tippelbox.com
tipveritas.com
tmr-e.com
toblemen.info
toderna.top
todosdinamicosla.co
top-service.co
topelangoda.net
topwebmoney.top
torclient.com
tpg-net.com
travelsportlifestyle.com
trendkop.pw
trenkulotd.xyz
tretitnuni.top
trust-connectiions.com
trustreship.com
ukays.com
ukogono.top
ukrevenues.win
unikoin.co
unitedkingdomcloudexpress.com
updates-anvir.com
vadecona.com
vagidaris.top
vargoservice.com
vecoresxo.co
vendeta.info
vendetta.name
veneropter.com
verificatiekoppeling.info
verifieren.com
versde.com
verzoek-iban.info
verzoek.com
virginmediaconnections.com
vitamines.cc
vivertonado.com
vocrobat.co
vodafonestore.net
voip-brokers.com
vollertonnycam.cc
vonobrah.info
vuusao.org
wakilakgarments.ltd
wakuman.win
wasduherwasgu.net
webanalis.com
webstatistic.info
webtopcunsult.top
welcometolvworld.com
wellsfargocertificate-637-9270.com
weritasonda.com
whoischeckservice.co
windersokla.top
wixonolin.com
workrepresentatives.net
worldpayonline.com
xeaners.com
xero-accounting.com
xero.biz
xero.mobi
xeroaccounting.org
xerobank.net
xerobank.org
xerodebt.com
xeroform.org
xerohost.info
xerohost.net
xeroink.com
xeromc.net
xeromi.org
xeropayments.com
xeroservice.com
xerosx.com
xerosys.com
xerotek.net
xerowire.com
xopriozzanta.ltd
xoxomaplianta.ltd
yourlvaccount.com
yvex.pw
yvex.ws
zegaramon.com
zigerds.com
zohocrm.org
