Threat Actors Fake FBI IC3 Portal to Steal Visitor Information

The Federal Bureau of Investigation has issued a critical public service announcement warning citizens about cybercriminals creating sophisticated spoofed versions of the FBI’s Internet Crime Complaint Center (IC3) website to harvest sensitive personal information from unsuspecting visitors.

According to FBI Alert I-091925-PSA released on September 19, 2025, threat actors have been actively creating fraudulent websites designed to mimic the legitimate IC3.gov portal.

These malicious sites employ common spoofing techniques, including subtle domain alterations such as alternative spellings, different top-level domains, and character substitutions to deceive users attempting to file legitimate crime reports.

The spoofed websites are specifically engineered to collect personally identifiable information entered by visitors, including names, home addresses, phone numbers, email addresses, and banking details.

This represents a particularly insidious attack vector, as victims believe they are interacting with an official government resource while unknowingly surrendering sensitive data to cybercriminals.

Key Warning Signs

The FBI has outlined several critical protection measures to help citizens avoid falling victim to these spoofed websites.

Users should always type  directly into their browser’s address bar rather than relying on search engine results, which may include sponsored links designed to redirect traffic to malicious sites.

Essential verification steps include:

• Confirming the URL ends with the official .gov domain.
• Avoiding any links with suspicious artifacts or unprofessional graphics.
• Never sharing sensitive information on questionable websites.
• Reporting suspicious activity only through the legitimate IC3 portal.

The bureau emphasizes that IC3 will never request payment to recover lost funds, does not maintain any social media presence, and will not refer individuals to companies requesting payment for fund recovery services.

This campaign highlights the evolving sophistication of cybercriminal operations targeting government websites.

By impersonating a federal law enforcement agency’s cybercrime reporting platform, threat actors exploit citizens’ trust in official institutions while simultaneously undermining legitimate crime reporting mechanisms.

The timing of this alert coincides with increased public awareness of cybercrime reporting procedures, making the IC3 website an attractive target for exploitation.

Security experts note that government website spoofing represents a particularly concerning trend, as it can erode public confidence in official digital services while providing criminals with a veneer of legitimacy.

Reporting and Response Procedures

Citizens who encounter suspected spoofed IC3 websites should immediately report the incident to their local FBI field office or through the legitimate IC3 portal.

The FBI requests comprehensive documentation including contact methods used by suspicious actors, financial transaction details, and complete descriptions of any interactions with fraudulent websites or individuals claiming IC3 affiliation.

This alert serves as a reminder that cybercriminals continuously adapt their tactics to exploit current events and institutional trust.

As government services increasingly move online, citizens must maintain vigilance when accessing official websites and verify authenticity through direct navigation rather than search engine results or unsolicited links.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.