The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as “possible malicious activity.”
Although it didn’t share any examples and didn’t point to specific attacks, the FBI said that such spoofed websites could be used by attackers in financial scams or to steal the visitors’ personal information.
“Threat actors create spoofed websites often by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information,” the FBI said.
“For example, spoofed website domains may feature alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website.”
While the FBI didn’t link to any domains spoofing the Crime Complaint Center website, BleepingComputer has found several examples hosted at icc3[.]live, practicinglawyer[.]net, and ic3a[.]com.
Ironically, the first also shows a warning notice that’s currently displayed on the legitimate IC3 site, warning of scammers impersonating FBI IC3 employees to ‘help’ recover lost funds.
This alert was part of a public service announcement issued by the FBI in April, which was prompted by over 100 reports received between December 2023 and February 2025 of fraudsters using this tactic.
To defend yourself from similar scam attempts, the FBI recommends always entering www.ic3.gov in your web browser’s address bar instead of using a search engine and avoiding clicking on sponsored search results, as they’re often paid by scammers trying to redirect traffic to their own phishing pages from legitimate sites.
Additionally, never share your personal information with individuals met online or over the phone, and never send them money, cryptocurrency, gift cards, or other financial assets.
The FBI added that IC3 or FBI employees will never contact victims directly via phone, email, social media, mobile apps, or public forums, and will never ask for payment to recover stolen funds or refer victims to companies that require payment for fund recovery.
In April, the Spanish National Police arrested six suspects who contacted the victims of their cryptocurrency investment scam, posing as Europol agents or U.K. lawyers and asking them to pay local tax costs to recover their lost funds.
Two years ago, the FBI also warned that scammers impersonating government or law enforcement officials were using fake credentials and spoofing authentic phone numbers to extort money from potential victims or steal personally identifiable information.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Source link
