This scam campaign centers around a fraudulent lending operation using the "CheckGo" brand, orchestrated through a network of five interconnected domains that share the same underlying infrastructure. The primary domains include go.checkgos.org, start.checkgos.org, and auth.checkgos.org, all registered through NAMECHEAP INC on June 26, 2025. Two additional domains, start.borrowly.org (registered July 1, 2025) and predatorswatch.com (registered July 4, 2025), are part of the same network, with all five domains connected through shared infrastructure relationships.
The scammers are conducting an aggressive SMS-based campaign targeting consumers with unsolicited loan approval messages. Community reports document recipients receiving texts claiming their loan applications have been "pending and now deemed accepted" with urgent 12-hour deadlines. The messages typically come from individuals identifying themselves as "Annie from CheckGo" or "Mark from CheckGo," directing victims to click on links leading to start.checkgos.org with tracking parameters. The campaign appears designed to create false urgency and trick recipients into believing they have pending loan applications that require immediate action.
Analysis of the infrastructure reveals a sophisticated operation where all five domains are hosted on shared servers, allowing the scammers to quickly pivot between different domains and brands if one becomes blocked or reported. The rapid registration timeline spanning just eight days in late June and early July 2025 suggests this was a coordinated launch of the fraudulent operation. The inclusion of predatorswatch.com in this network is particularly concerning, as it may be designed to appear as a legitimate consumer protection resource while actually serving the scammers' interests.
To protect yourself from this type of fraud, never click on links in unsolicited text messages claiming you have pending loan applications, especially if you haven't recently applied for credit. Legitimate lenders do not send urgent approval messages via text with shortened links. If you receive these messages, do not engage with the content, do not click any links, and immediately block the sender. You can verify if a domain is legitimate by checking its registration date and researching the company through official channels. Report these scam attempts to the FTC at reportfraud.ftc.gov or file a complaint with the FCC for unwanted text messages.
This campaign represents a high threat level due to its coordinated multi-domain infrastructure, aggressive targeting through unsolicited SMS messages, and impersonation of legitimate financial services. Consumers should remain vigilant for any messages from the CheckGo brand or links to the identified domains. Internet service providers and domain registrars should consider immediate action to suspend these fraudulent domains and prevent further consumer harm.
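For mail or SMS filtering teams, the indicators above can be turned into a simple triage check. The following Python is an added example, not part of the original report: it flags a message body that links to the identified domains or carries the lure traits described earlier. Treating every host under the parent domains checkgos.org and borrowly.org as in scope, the regular expressions, the function names and the two-lure threshold are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Parent domains of the hosts named in the report. Matching every subdomain
# of them is an assumption of this example.
CAMPAIGN_PARENTS = ("checkgos.org", "borrowly.org", "predatorswatch.com")

# Lure traits described in the report; real message wording may vary.
LURE_PATTERNS = {
    "sender_persona": re.compile(r"\b[A-Z][a-z]+ from CheckGo\b"),
    "deadline_12h": re.compile(r"\b12[\s-]*(?:hours?|hrs?)\b", re.I),
    "pending_accepted": re.compile(r"\bpending\b.*\baccepted\b", re.I | re.S),
}

# Link-like tokens with or without a scheme, e.g. "start.checkgos.org/a?x=1".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#][^\s]*)?", re.I)


def extract_hosts(text):
    """Return the lower-cased hostname of every link-like token in the text."""
    hosts = []
    for match in URL_RE.finditer(text):
        token = match.group(0)
        if "://" not in token:
            token = "http://" + token  # urlsplit needs a scheme to find the host
        host = urlsplit(token).hostname
        if host:
            hosts.append(host.rstrip(".").lower())
    return hosts


def is_campaign_host(host):
    """True for a listed parent domain or a subdomain of it.

    Comparing on a label boundary keeps lookalikes such as
    "checkgos.org.example.net" or "notcheckgos.org" from matching.
    """
    return any(host == p or host.endswith("." + p) for p in CAMPAIGN_PARENTS)


def triage_sms(text):
    """Summarise campaign indicators found in one SMS body."""
    hosts = [h for h in extract_hosts(text) if is_campaign_host(h)]
    lures = sorted(name for name, rx in LURE_PATTERNS.items() if rx.search(text))
    # Example threshold: a listed host alone, or two lure traits together.
    return {"campaign_hosts": hosts, "lures": lures, "flag": bool(hosts) or len(lures) >= 2}
```

A domain match is the strong signal here; the lure patterns only catch messages that reuse the reported wording after the operators move to a new domain.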