State Warns Big Island Residents of Phishing Campaign Impersonating Government Sites

The state issued a public warning on December 31, 2025, alerting residents to a coordinated phishing campaign that uses the domain codify.inc to create deceptive addresses that appear to be official government portals. Fraudsters have registered addresses formatted to mimic agency subdomains, including dlir.hi.usa.codify.inc as an impersonation of the Hawaiʻi Department of Labor and Industrial Relations; similar addresses were created for agencies such as hdoa.hi.usa.codify.inc, hidoe.hi.usa.codify.inc, dod.hi.usa.codify.inc, health.hi.usa.codify.inc, dbedt.hi.usa.codify.inc, dcca.hi.usa.codify.inc, psd.hi.usa.codify.inc, tax.hi.usa.codify.inc, dhs.hi.usa.codify.inc, bud.hi.usa.codify.inc, and hidot.hi.usa.codify.inc.

The deceptive sites may look legitimate and are reported to leverage so-called AI-native services as a lure to encourage users to enter personal information or login credentials. By imitating portals for unemployment, health services, tax payment, school administration and business licensing, the campaign poses direct risks to residents who access state services online. Compromised credentials or stolen identity data can disrupt benefits, delay tax filings, and create broader administrative burdens for both individuals and county offices that help residents navigate state systems.

For Big Island County, the threat underscores the intersection of cybersecurity with everyday governance and civic participation. Residents who lose access to benefits or who are targeted with fraudulent communications may be less likely to trust electronic government services, complicating outreach and enrollment efforts for programs administered at the state level. Local officials and service centers that assist with applications and licensing may face increased demand to help victims and to verify legitimate communications.

The state advised specific protections: check the URL because official state websites will always end in .gov; addresses ending in .inc, .co or other extensions are not official government portals. Do not click links in unsolicited emails or text messages; instead, type official addresses directly into your browser. If you encounter a site you believe is fraudulent, report it to the state via email at soc@hawaii.gov.

The incident highlights institutional responsibilities for clearer public education and stronger domain monitoring to prevent impersonation of critical services. As county residents continue to rely on online interaction with government, vigilance from individuals combined with coordinated action by state and local agencies will be essential to protect personal data and maintain public trust in government digital services.