State Warns Kauai Residents of Phishing Campaign Targeting Hawaiʻi Agencies

State officials issued an advisory on December 31, 2025, warning that a coordinated phishing campaign is using deceptive internet domains to impersonate Hawaiʻi government agencies. The notice highlighted multiple spoofed domains, including examples such as dlir.hi.usa.codify[.]inc, and provided practical steps for residents to protect personal data and credentials.

The advisory emphasized that official state websites end with .gov, and that deceptive domains often add extra segments or unfamiliar endings to appear authentic. Officials urged people to verify URLs before entering sensitive information, to avoid clicking on unsolicited links in email messages or text messages, and to report suspicious sites or activity to the Hawaii security operations center at soc@hawaii.gov.

For Kauai residents, the campaign presents concrete risks. Many islanders interact with state services for benefits, licensing, employment matters, and permits. Fraudulent sites that mimic government pages can harvest Social Security numbers, driver license information, unemployment account credentials, and other personal data. Small businesses that rely on state filings or tourism related licensing may also be targeted if they respond to bogus requests purporting to come from state agencies.

The advisory included practical protective measures. Residents were encouraged to confirm web addresses use the .gov domain, to refrain from providing passwords or financial information through links received by email or text, and to enable stronger account protections such as unique passwords and two factor authentication where available. The notice also recommended keeping devices and software up to date, and reporting any suspected phishing attempts to the state security operations center at soc@hawaii.gov.

This incident reflects a broader international trend in online crime where attackers register lookalike domains across global registrars to exploit public trust in official brands. For a community like Kauai that values close ties between residents and public services, vigilance is particularly important during busy administrative periods or holidays when people may be more likely to respond quickly to messages.

County offices and local service providers should check their digital communications for signs of spoofing and remind clients and staff to verify addresses before sharing sensitive information. Residents who believe they have been targeted should change affected passwords, alert their financial institutions if account information was exposed, and forward suspicious messages to soc@hawaii.gov for investigation.