Cybercriminals are hosting fake government websites, according to the FBI’s Internet Crime Complaint Center (IC3), which warned that malicious actors are now mimicking government sites and convincing users to give out their personally identifiable information (PII). Then, they are collecting fees for services that aren’t delivered, charging credit cards or changing employment benefit designations. What’s driving this trend, and how do users stay safe?

New Markets

Government websites don’t always perform as intended; the Healthcare.gov debacle last year had more than a few citizens and news pundits up in arms. However, despite the unwieldy nature of some government sites, Americans are now Internet-savvy and confident enough to provide PII if they believe the website they’re accessing is legitimate. In the case of Healthcare.gov, for example, the White House reported that more than 7 million users enrolled in health care plans during the site’s first six months despite performance and data collection issues. For cybercriminals, this newfound confidence in online systems presents a new and very lucrative market: If they can convince users they’re accessing a real government website, some of their most sensitive data will be up for grabs.

Search and Defraud

Here’s how it works: Users often look for services using popular search engines, so cybercriminals design fake government websites using black hat SEO tactics so they’ll rise to the top of the search rankings. Citizens looking to replace a Social Security card or sign up for government programs click on these legitimate-seeming links and are prompted to enter PII such as their name, date of birth and Social Security number and are often asked to pay a “service fee” via their credit card. In some cases, victims are also asked to send copies of personal documents in the mail, such as birth certificates or their driver’s license.

The result? Users are totally at the mercy of cybercriminals. The FBI reports that most get stung for a $29–$199 credit card fee up front and are then told to wait a few weeks for processing, during which time their credit cards are repeatedly defrauded. In some cases, third-party designees are added to Employer Identification Number cards, fraudulent loans are obtained and fake tax returns are filed. Any follow-up contact by email or phone is ignored, with phone lines often out of service and emails bouncing back to the sender. In short, those victimized have little choice but to have all their personal documents and credit cards reissued and must spend years doing damage control.

Staying Safe

So how do users avoid the problem of fake government websites? According to Federal Times, there are several ways to stay safe. First, it’s critical to rely on .gov sites exclusively; other domains are likely the property of cybercriminals. Additionally, users should always research the company or services they’re looking for. Are there any negative reviews online? Are the phone numbers and email addresses consistent with other government websites? Caution should also be used when it comes to any special offers or limited-time deals, since government services don’t typically operate this way.

Scammers have tapped into a new market of Internet-savvy Americans looking to leverage online government services. As a result, fake government websites are on the rise. In order to stay safe, only enter PII on official .gov websites, don’t automatically trust the first search listing that pops up and take the time to look deeper. The takeaway is that efforts are better spent tracking down the right government website than dealing with the aftermath of fake website fraud.