Scammers build fake FBI crime reporting portals to steal personal info - warns FBI

News
By published

Someone is spoofing the FBI's IC3 website

Dark Web monitoring
(Image credit: Adobe)
  • Fake IC3 websites are tricking users into giving away personal and banking information
  • Cybercriminals spoof trusted domains and pair them with phishing emails for redirection
  • FBI warns spoofed IC3 sites may mislead victims trying to report cybercrime

Fake Internet Crime Complaint (IC3) websites are being used to scam people into giving away sensitive personal and banking information, according to the Federal Bureau of Investigation (FBI).

The bureau recently issued a new public service announcement to warn about the malicious landing pages, which are the US government’s main hub for reporting cybercrime.

It collects complaints about online scams, fraud, identity theft, ransomware, and other internet-enabled crimes, and then shares it with law enforcement agencies to help investigate and track digital threats across the country and globally.

Impersonating the government

Anyone, be it victims, or third parties, can file a report through IC3’s official website. While not every case gets a direct response, the data helps the FBI understand broader trends and take action when possible.

“Threat actors create spoofed websites often by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information,” the FBI warned.

For example, spoofed website domains may feature alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website.

Members of the public could unknowingly visit spoofed websites while attempting to find FBI IC3's website to submit an IC3 report.

Cybercriminals spoof legitimate websites all the time. Fake Google or Amazon login pages are created to steal the credentials for Workspace or cloud services. Fraudulent banking homepages are created to trick people into handing over access to their bank accounts, and social media sites are spoofed to access business accounts and propagate malware via paid advertising.

These sites are usually paired with a phishing email campaign, which are used to redirect the victims without raising any suspicion.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.