The FBI has issued a public service announcement warning that cybercriminals are impersonating the FBI’s Internet Crime Complaint Center (IC3) and even cloning its website to steal victims’ personal and financial data.Attackers are exploiting public trust in federal law enforcement by creating fake IC3-branded domains and lookalike reporting portals, then driving victims to these sites via phishing emails, messages, and search engine manipulation so people think they are filing a legitimate cybercrime report.
The alert—referenced as PSA I-091925—describes threat actors spoofing the official IC3 website and related communications, with the goal of harvesting names, home addresses, phone numbers, email addresses, and banking details under the pretext of gathering evidence for an investigation or helping recover lost funds.The FBI stresses that visiting these fake sites or responding to unsolicited “IC3” outreach could lead not only to identity theft and financial fraud but also to further compromise through follow‑on scams using the stolen data.
Security experts situates this campaign within a broader surge in impersonation attacks, noting that law enforcement, government agencies, and major brands have all been targets of cloned sites and spoofed communications, often enhanced by AI to appear more convincing. It highlights that scammers may blend IC3 impersonation with other fraud patterns, such as bogus refund or recovery services, “phantom hacker” style tech‑support narratives, or messages claiming to fix account compromises, all framed as official FBI assistance.
The FBI has issued guidelines to safeguard Americans from phishing campaign. The real IC3 does not charge fees, will never ask for payment or direct victims to third‑party companies to recover funds, and does not operate any official presence on social media. Genuine IC3 reporting should be done only through the official ic3.gov domain, accessed by typing the URL directly into the browser or using trusted bookmarks, rather than clicking on links in unsolicited messages or search ads.
Additionally, to mitigate risk the FBI recommends treating any unexpected communication claiming to be from the FBI or IC3 with skepticism, independently verify contact details through official channels, and avoid sharing sensitive information or making payments based on pressure tactics. It closes by urging individuals and organizations to train staff on recognizing impersonation scams, double‑check domains and email addresses, and promptly report suspected fake FBI or IC3 activity using confirmed, legitimate FBI contact points.
