April 10, 2015 By Douglas Bonderud 2 min read

Cybercriminals are hosting fake government websites, according to the FBI’s Internet Crime Complaint Center (IC3), which warned that malicious actors are now mimicking government sites and convincing users to give out their personally identifiable information (PII). Then, they are collecting fees for services that aren’t delivered, charging credit cards or changing employment benefit designations. What’s driving this trend, and how do users stay safe?

New Markets

Government websites don’t always perform as intended; the Healthcare.gov debacle last year had more than a few citizens and news pundits up in arms. However, despite the unwieldy nature of some government sites, Americans are now Internet-savvy and confident enough to provide PII if they believe the website they’re accessing is legitimate. In the case of Healthcare.gov, for example, the White House reported that more than 7 million users enrolled in health care plans during the site’s first six months despite performance and data collection issues. For cybercriminals, this newfound confidence in online systems presents a new and very lucrative market: If they can convince users they’re accessing a real government website, some of their most sensitive data will be up for grabs.

Search and Defraud

Here’s how it works: Users often look for services using popular search engines, so cybercriminals design fake government websites using black hat SEO tactics so they’ll rise to the top of the search rankings. Citizens looking to replace a Social Security card or sign up for government programs click on these legitimate-seeming links and are prompted to enter PII such as their name, date of birth and Social Security number and are often asked to pay a “service fee” via their credit card. In some cases, victims are also asked to send copies of personal documents in the mail, such as birth certificates or their driver’s license.

The result? Users are totally at the mercy of cybercriminals. The FBI reports that most get stung for a $29–$199 credit card fee up front and are then told to wait a few weeks for processing, during which time their credit cards are repeatedly defrauded. In some cases, third-party designees are added to Employer Identification Number cards, fraudulent loans are obtained and fake tax returns are filed. Any follow-up contact by email or phone is ignored, with phone lines often out of service and emails bouncing back to the sender. In short, those victimized have little choice but to have all their personal documents and credit cards reissued and must spend years doing damage control.

Staying Safe

So how do users avoid the problem of fake government websites? According to Federal Times, there are several ways to stay safe. First, it’s critical to rely on .gov sites exclusively; other domains are likely the property of cybercriminals. Additionally, users should always research the company or services they’re looking for. Are there any negative reviews online? Are the phone numbers and email addresses consistent with other government websites? Caution should also be used when it comes to any special offers or limited-time deals, since government services don’t typically operate this way.

Scammers have tapped into a new market of Internet-savvy Americans looking to leverage online government services. As a result, fake government websites are on the rise. In order to stay safe, only enter PII on official .gov websites, don’t automatically trust the first search listing that pops up and take the time to look deeper. The takeaway is that efforts are better spent tracking down the right government website than dealing with the aftermath of fake website fraud.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today