The Federal Bureau of Investigation (FBI) has issued a critical Public Service Announcement (PSA) revealing that cybercriminals are creating fake, or ‘spoofed,’ versions of the FBI’s IC3 (Internet Crime Complaint Center) website to steal user data.
IC3 is a primary tool where people can file reports on cybercrime and online scams. The platform was established in 2000 as the Internet Fraud Complaint Centre but was later renamed in 2003 to represent its overall mission.
According to the FBI’s advisory, threat actors create these fake websites by making slight changes to the legitimate domain name, such as alternate spellings or different web addresses, as seen in previous cases like ɢoogle.com rather than Google.com. This is done to “gather personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information.”
The advisory warns that users may unknowingly visit these fake portals while attempting to file an official report, exposing their sensitive data. The goal of these fake sites is to steal personal information and trick people into monetary scams.
The FBI also warns that these scammers may even pretend to be IC3 staff. They might contact you, claiming they can get your lost money back, but only if you pay them a fee first. This is a clear sign of a scam, as the FBI and IC3 will never ask for payment to help a victim. In fact, between December 2023 and February 2025, the agency received over 100 reports of these impersonation scams.
Not The First Time
This is not the first time that scammers have impersonated the Internet Crime Complaint Center to carry out possible phishing or malware campaigns. As far back as 2018, fraudulent emails and websites mimicking IC3 were used to trick users into providing sensitive information, sometimes even embedding malicious files for installation.
What can you do to protect yourself?
The FBI has some crucial advice. The safest way to access the site is to type www.ic3.gov directly into your browser’s address bar. The FBI specifically advises against using search engines and clicking on ‘sponsored’ results, which are often paid ads for these fake sites.
Always check the URL to make sure it ends in ‘.gov’ and has no misspellings, and avoid clicking on links with low-quality graphics, which are another hallmark of fraudulent websites.
Keep in mind that the IC3 does not have any social media pages, so if you see one claiming to be official, it’s a fake. If you fall victim to one of these impersonation scams, be sure to report it to the real IC3 site and provide as much detail as possible, including any financial transaction information.
