FBI warns of phishing sites impersonating IC3 reporting portal

The bureau says criminals are creating convincing replicas of the IC3 site to steal personal and financial information.

What happened

The FBI issued an alert warning that cybercriminals are creating fake versions of the Internet Crime Complaint Center website to capture personal information from individuals attempting to report scams. According to Cyber Security News, the fraudulent sites closely resemble the legitimate ic3.gov portal and trick users into submitting their names, contact information, and banking details.

Going deeper

Investigators observed multiple impostor domains that mimic the design, text, and structure of the real IC3 site but use non-governmental domains or altered spellings. These pages are reached through search engine results, sponsored ads, or online community posts where scammers pose as victims and direct others to recovery portals. In some cases, attackers also impersonate IC3 personnel on messaging platforms and attempt to gather further information. Security researchers said that the fraudulent pages often replicate the IC3 complaint form and welcome message, creating a convincing environment that leads users to provide sensitive information without realizing the site is fake.

What was said

The FBI stated that the official IC3 website is located only at www.ic3.gov and stressed that it does not operate through social media or request payment for any type of recovery service. The bureau urged the public to navigate directly to the official address rather than relying on search results or links posted by unknown individuals. The alert also recommended that users avoid providing sensitive information to any site that does not use a .gov domain and to report suspicious pages through the verified IC3 portal. Federal officials say that the increase in spoofed sites appears to be targeting individuals who previously experienced fraud and are seeking help.

The big picture

The rise of IC3 lookalike sites mirrors a broader surge in government-impersonation scams, where attackers build replicas of official portals to harvest personal and financial information. As the FBI explained, “a spoofed website is designed to impersonate a legitimate website and may be used for illegal conduct, such as personal information theft and to facilitate monetary scams.” The bureau also warned that “threat actors create spoofed websites often by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information (PII) entered by a user into the site, including name, home address, phone number, email address and banking information.” Officials added that scammers sometimes go a step further by impersonating FBI IC3 staff to “revictimize individuals,” offering bogus help recovering lost funds in exchange for payment. Together, these tactics show how attackers are targeting people who are already vulnerable, using trusted government branding to extract even more information.

FAQs

Why do attackers target IC3 specifically?

Victims visit IC3 to report fraud, which makes them more willing to provide accurate personal information that scammers can exploit for identity theft or account takeover.

How can users confirm they are on the real IC3 site?

They can type www.ic3.gov directly into their browser, check that the address ends in .gov, and avoid using search engine links or sponsored ads.

Why are misspelled domain names so effective in phishing campaigns?

Small variations in spelling or top-level domains can closely resemble legitimate sites, and users may not notice differences when urgently reporting an incident.

Do government reporting portals ever charge money?

No, federal agencies do not request payment to file fraud complaints or assist with recovery, and requests for money are a sign of impersonation.

What should someone do if they submitted information to a fake IC3 site?

They should file an actual report at ic3.gov, monitor accounts for unusual activity, place fraud alerts if needed, and notify their financial institutions.