Cybersecurity Alert: Phishing Threat Masquerading As Hawaiʻi Departments

HONOLULU - The State of Hawaiʻi is warning the public of a potential phishing campaign using the domain codify.inc to impersonate official government websites.

What to Watch For:

Cybercriminals are creating deceptive web addresses (subdomains) to trick users into providing sensitive personal information or login credentials. Examples include:

• hi.usa.codify[.]inc (Impersonating the Dept. of Labor and Industrial Relations)
• Here are similar links targeting other state agencies (do not open these links):
  • https://dlir.hi.usa.codify.inc/
  • https://hdoa.hi.usa.codify.inc/
  • https://hidoe.hi.usa.codify.inc/
  • https://dod.hi.usa.codify.inc/
  • https://health.hi.usa.codify.inc/
  • https://dbedt.hi.usa.codify.inc/
  • https://dcca.hi.usa.codify.inc/
  • https://psd.hi.usa.codify.inc/
  • https://tax.hi.usa.codify.inc/
  • https://dhs.hi.usa.codify.inc/
  • https://bud.hi.usa.codify.inc/
  • https://hidot.hi.usa.codify.inc/

These sites may appear legitimate and often use "AI-native services" as a lure to encourage users to enter their data.

How to Protect Yourself:

• Check the URL: Official State of Hawaii websites will always end in .gov. If the address ends in .inc, .co, or any other extension, it is not an official government portal.
• Verify the Source: Do not click on links provided in unsolicited emails or text messages. Type official addresses directly into your browser.
• Report Suspicious Activity: If you encounter a site you believe is fraudulent, please report it to the [email protected]