FBI warns its scam reporting site is being spoofed - how to avoid getting tricked

Beata Zawrzel/NurPhoto via Getty Images Follow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways The FBI says spoofed websites masquerading as the IC3 have appeared. Spoofed websites impersonate well-known services to steal your data. FBI warns visitors to remain vigilant against suspicious URLs and incorrect website addresses. The FBI is warning the public that its Internet Crime Complaint Center (IC3) website is being spoofed by scammers online. In a public service announcement (PSA) alert published on September 19, the FBI said that cybercriminals are spoofing the IC3, and fraudulent versions of the government website have been detected by US law enforcement. Also: 3 reasons VPN use is set to explode worldwide - and that might apply to you "A spoofed website is designed to impersonate a legitimate website and may be used for illegal conduct, such as personal information theft and to facilitate monetary scams," the FBI says. The law enforcement agency has not identified any of the spoofed addresses or provided much concrete information on this scam. However, we do know that spoofed websites' typical goal is to steal personally identifiable information (PII) submitted by visitors. This data, such as names, physical addresses, phone numbers, and banking information, may then be used to conduct identity theft or to make fraudulent purchases. It appears that the latest scam involving IC3 may have a financial fraud angle. On the legitimate IC3 website, an alert reads: "The IC3 does not work with any non-law enforcement entity, such as law firms or crypto services, to recuperate lost funds or investigate cases. The IC3 will never directly contact you for information or money." Also: Your passkeys could be vulnerable to attack, and everyone - including you - must act When internet users in the US wish to report a cybercrime, the IC3 website is one of the first ports of call. Since its launch in 2000, visitors to the site have logged over 9 million complaints relating to cybercrime and fraud. Last year, the top three categories for complaints were related to spoofing and phishing, extortion, and personal data breaches. "Threat actors create spoofed websites often by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information," the FBI warns. "Spoofed website domains may feature alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website. Members of the public could unknowingly visit spoofed websites while attempting to find the FBI IC3's website to submit an IC3 report." Also: How researchers tricked ChatGPT into sharing sensitive email data For example, the legitimate IC3 website is https://www.ic3.gov. A scammer could use IC3gov.com, IC3.com, ICC3.com, and so on. The FBI's advice on the issue is sound: If you need to submit a report, type www.ic3.gov directly into the address bar of your browser, and avoid search engines where possible -- especially if they are presented in "sponsored" results, as this could be a paid method to redirect traffic away from the legitimate IC3 website. Furthermore, ensure that the website you visit ends in .gov, as this is a protected US top-level domain, and won't likely fall into the hands of cybercriminals. This isn't the first time the Internet Crime Complaint Center has been impersonated. In April, the FBI issued an alert, warning of an ongoing fraud scheme after receiving more than 100 reports of IC3 impersonation scams.