State officials have issued a warning that scammers are using the domain codify.inc to impersonate Hawaiʻi government websites and steal personal information, including login credentials. The fake sites are designed to resemble official portals, with forms intended to deceive visitors. Residents across the islands are advised to verify web addresses and exercise caution before entering any personal information. This alert comes amid a series of scam warnings issued throughout the month.
State issues alert and fake portal examples
The Department of Accounting and General Services reports that the state’s cybersecurity team has identified several deceptive subdomains on codify.inc that mimic official state portals. The advisory highlights examples such as dlir.hi.usa.codify[.]inc and hdoa.hi.usa.codify[.]inc, and warns the public not to visit these sites. The imitation addresses are intended to collect login credentials and other sensitive information from unsuspecting users.
How the fake sites hook victims
Officials from the Governor’s Office said the cloned sites sometimes promote “AI-native services” to entice visitors to enter personal information. The advisory also notes that federal agencies have been targeted using the same codify.inc domain, indicating the scam extends beyond Hawaiʻi. Subdomains such as hi.usa.codify.inc can appear legitimate, particularly to users quickly viewing URLs on mobile devices.
Local context and earlier scam warnings
The statewide alert follows recent reporting by local media and comes as county police continue to warn residents about various impersonation scams. According to Maui Now, state officials have identified about a dozen departments whose websites have been cloned. Separately, Maui police warned that scammers have used public meeting agendas to try to trick residents into making payments.
How to protect yourself online
The Governor's office reminds the public that official Hawaiʻi government websites always use the “.gov” domain and advises against clicking links in unsolicited emails or texts. The Department of Accounting and General Services recommends typing known web addresses directly into a browser. If a page appears suspicious, users should close it without entering any information. Security officials also advise changing passwords and enabling multi-factor authentication if there is any concern that an account may have been compromised.
Where to report suspicious sites
Governor’s Office officials say that fake pages can be reported by emailing [email protected]. Complaints can also be submitted to federal authorities. The Federal Trade Commission provides guidance for reporting scams on its website, and the FBI’s Internet Crime Complaint Center accepts phishing complaints online. These reports help law enforcement track trends and, in some cases, support investigations.
Officials say they are monitoring the situation and will provide updates if additional impersonation attempts are identified. Residents are advised to contact the agency that supposedly sent a message or consult local police before clicking on any suspicious links.
