You didn’t think the U.S. government would send $ 1,200 to millions of Americans without seeing some fraudsters and unscrupulous online shoppers, did you?

Hundreds of domain names associated with the $ 2 trillion stimulus package were registered last month, according to a new report by security firm Tessian.

The domain names in question are used for a variety of purposes. Some are spam and data mining traps. Some appear to lead to educational websites, while others offer consulting services or assistance in getting your billing or business debt checked. Of course, this does not mean that they offer a real source that does not attach a string.

“Cybercriminals will always follow the money, and look for ways to take advantage of the fact that people are looking for more information or guidance on this scheme,” Tessian CEO Tim Sadler said in a statement to Mashable.

Weak internet marketers often use trending topics for their money-making opportunities. For weeks, Google Trends data has shown that stimulus-related questions and search queries dominate Google search.

By using these domains, scammers were able to visualize their site as a subject matter authority as well as game search engines for better placement on search results pages.

A Mashable-reviewed site, which includes the keywords “stimulus” and “COVID-19” in the URL, attempted to install a browser load app. The single page website offers more than a few paragraphs of stolen copy and an email sign-up form.

Unlike similar scams, like the various tax-related online scams that come every year, coronavirus-stimulating sites do not attempt to mimic official government websites.

In total, the report found 673 non-governmental, stimulus-related contacts registered between March 17 and April 13. Exactly how much was unclear is unclear. Some may be trying to provide actual, useful services. But others are looking to earn the extra cash the government lends to millions of pockets.

Tessian found that a quarter of all those associated with stimulus domains offer educational resources from consultants, lawyers, and other experts. It is unclear how many of these websites offer legitimate services.

Perhaps most noteworthy is that 10 percent of newly registered, non-governmental domains provide a “tool calculator” for people to evaluate their eligibility for stimulation. Some of these tools require users to enter personal information such as their salary or address.

Sadler specifically warns users to be careful around these types of sites.

“Cybercriminals can use the information you share on targeted phishing emails to include ‘results’ in your analysis, tricking you into clicking malicious links with intent to steal money. , credentials or installing malware on your device, “he explains.

In addition, the IRS has set up its own official check enforcement status check.

Other domains in the report offer loans to businesses during the pandemic. Some provide outlets for those seeking to provide their stimulus check to the COVID-19 cause.

In the last month, infectious actors have become hard at work, trying to take advantage of the coronavirus crisis. Scammers are chasing fake test kits and non-existent vaccines at fly-by-night ecommerce stores.

“Always check the domain URL and verify the legitimacy of the service.”

Last month, an Instagram meme account with 14 million followers was banned from the service after spreading a coronavirus-related money-making scheme.

Even services specific to the coronavirus pandemic have been the focus of criminals. For example, Zoom, the video conferring platform that gained popularity during the pandemic, was targeted by hackers who used it to steal people’s personal data.

“While not all domains registered in the last month can be malicious, it’s possible that websites that offer consulting and business loans can be set up to trick people into sharing money or personal information, “Sadler said. “Always check the domain URL and verify the legitimacy of the service by calling them directly before taking action.”

