#Cybercriminals used .US, .COM #domain names in #IRS refund scam


An elaborate scam used the domain DebtCredit.US to generate thousands of dollars in unlawful IRS refunds, then used a phony debt collection agency to seek their “return.”

According to Krebs On Security, the method these cybercriminals use works like this:

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”

In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They’ll call taxpayers who’ve had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency.

Krebs On Security identified the same content on the domain, registered just three weeks ago, according to DomainTools. The WHOIS information is bogus and it’s hosted on Dutch servers – presumably to avoid any shutdown notices or other action from US authorities.

Domain investors expecting a hefty refund this tax season should be very wary of incoming calls claiming to come from tax collectors, the IRS or any other federal agency.

We ran a report against the scammer’s email address, WHOIS-PROTECT@HOTMAIL.COM, and it returned the following domains, all of them registered under a Chinese individual’s name. Many thanks to DomainTools for providing a valuable domain research tool that can assist with combating cybercrime.

Copyright © 2018 · All Rights Reserved.
