This cybersecurity investigation has identified a multi-faceted scam campaign connecting fraudulent domains with financial service companies that have generated significant consumer complaints. The campaign centers around three domains registered within two days of each other in January 2026: bnkunion.com, moganhomes.com, and darntoughusock.com. All three domains were registered through Realtime Register B.V. and share the same underlying infrastructure, indicating coordinated operation by the same threat actors.
The domain infrastructure is connected to three financial service companies through consumer co-reporting patterns. ACCESS GROUP INC., operating in the student loan industry, has accumulated 149 CFPB complaints and shows connection to the bnkunion.com domain. ACCOUNT SERVICES INC., a debt collection company with 8 CFPB complaints, and The Money Company, a payday loan operation with 2 CFPB complaints, are also linked to the bnkunion.com domain through complaint co-reporting. These connections suggest the domains may be used to impersonate legitimate financial institutions or facilitate fraudulent financial services.
Community reports reveal employment-based fraud schemes targeting job seekers. Victims describe being contacted about delivery and administrative positions, with scammers requesting sensitive personal information including ID documents and W-2 forms during fake employment processes. One report specifically mentions a 30-day unpaid work scheme promising lump sum payments, while another involves Spanish-language job postings for administrative assistant positions in Puerto Rico, indicating potential targeting of Spanish-speaking communities.
To protect yourself from this campaign, verify any job offers by independently researching the company through official channels and never provide personal identification documents or financial information during initial employment screening. If contacted by phone about employment opportunities or financial services, hang up and call the company directly using publicly listed contact information. Do not click links in unsolicited emails or text messages. Report suspected fraud to the FTC at reportfraud.ftc.gov or file complaints with the FCC for unwanted calls and texts. Before engaging with any unfamiliar website or phone number, check consumer protection databases and search engines for scam reports.
This campaign presents a moderate threat level due to the combination of shared fraudulent infrastructure, multiple financial service complaint patterns, and active employment fraud schemes targeting personal information theft. Consumers should exercise heightened caution when receiving unsolicited employment offers or financial service communications. Immediate next steps include monitoring the identified domains for takedown, tracking complaint patterns for the connected companies, and alerting job placement websites about the fraudulent employment postings to prevent further victim recruitment.