This scam campaign centers around a fraudulent lending operation using the "CheckGo" brand, operating through a network of 7 connected domains and 2 phone numbers (470-750-9964 and 470-750-9962). The campaign employs a sophisticated infrastructure setup where domains auth.checkgos.org, start.checkgos.org, go.checkgos.org, start.borrowly.org, and predatorswatch.com all share the same hosting infrastructure with 50% confidence connections. These domains connect to an older domain, start.checkgo.org, which was registered on August 24, 2023, while the newer domains were registered much more recently between June 26 and July 4, 2025, all through NAMECHEAP INC.
Consumer reports reveal the campaign's methodology involves unsolicited text messages claiming to be from "Mark from CheckGo" or "Annie from CheckGo," informing recipients that their loan requests have been "reviewed and accepted." The messages direct victims to click on links leading to start.checkgos.org with specific tracking codes like "/oDBUNQM7" and "/956IQ4u." Community reports show victims receiving multiple messages from different numbers, with some creating false urgency by claiming requests are "pending and now deemed accepted" and must be viewed "within 12 hours." Despite the active consumer reports, neither phone number has generated FTC complaints yet, suggesting this may be an emerging or recently escalated campaign.
The infrastructure analysis reveals a concerning pattern where the scammers are rapidly expanding their domain portfolio while maintaining shared hosting resources. The connection between start.checkgo.org and phone number 470-750-9964 shows a 35% confidence reported-together relationship, indicating these assets are being used in coordinated attacks. The inclusion of predatorswatch.com in the same infrastructure cluster suggests the operators may be running multiple parallel scam operations beyond just fraudulent lending.
To protect yourself from this and similar scams, never click on links in unsolicited text messages claiming you've been approved for loans you didn't apply for. Legitimate lenders do not conduct business through text messages with suspicious links. If you receive such messages, do not respond or click any links. Instead, hang up on suspicious calls, delete the texts, and report these incidents to the FTC at reportfraud.ftc.gov or to the FCC for unwanted text messages. Before engaging with any financial offer, verify the company's legitimacy through official channels, check their Better Business Bureau rating, and search for the phone number or domain name online to see if others have reported it as fraudulent.
This campaign represents a moderate-to-high threat level due to its sophisticated infrastructure, coordinated messaging approach, and rapid domain expansion pattern. Consumers should remain vigilant for messages from the identified phone numbers and domains. The campaign's use of shared infrastructure suggests ongoing operations that may scale quickly. We recommend continued monitoring of these entities and immediate reporting of any contact from these numbers or domains to relevant authorities.