Hackers, scammers, threat actors and cybercriminals are now resorting to impersonating the very department tasked with helping U.S. citizens who have been victims of their activities. The FBI has issued a warning of “possible malicious activity” that indicates cybercriminals have been creating portals that look like the legitimate IC3.gov website in order to phish consumers.
Although the government agency didn’t share any specific examples of the attacks or threats, Bleeping Computer found a few spoofed sites that could be potentially used by attackers to steal financial or personal information from visitors. The websites they found – icc3[.]gov and ic3a[.]gov are typical of spoofed or phishing websites and feature the characteristics mentioned in the FBI warning such as “alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website.”
The FBI’s statement also mentions that threat actors will “slightly alter characteristics of legitimate website domains with the purpose of gathering personally identifiable information entered by a user into the site including name, home address, phone number, email address and banking information.” One such false website even features the warning notice from the legitimate IC3 site that warns about scammers impersonating FBI IC3 employees to help recover lost funds which was put out as a public service announcement back in April.
How to stay safe
The FBI recommends manually entering in the address for ic3.gov into your browser's address instead of using a search engine. They also recommend that you avoid clicking on sponsored search results, since those can be paid offerings by scammers who are attempting to redirect traffic to phishing pages.
Also, never share personal information with individuals you have only met online or over the phone and never send money, cryptocurrency, gift cards or any other financial assets to anyone you don't know personally.
The FBI adds that IC3 and FBI employees will never contact fraud or internet scam victims by phone, email, social media, mobile apps, or public forums or ask for payment in order to recover stolen funds or refer victims to companies that would require payment for fund recovery.
From there, you also want to make a point to search phone numbers and email addresses to look for associations with scams. Many will have results that show they are in fact fraudulent. When in doubt about a contact or message, go directly to the website of the organization to see if there are messages for you in your account.
Additional phishing advise includes: If you receive a suspicious email, do not click on anything within it. Instead, simply go directly to the URL or web address in your browser to see if there are messages there. Next, make sure that you enable two-factor authentication (2FA) to add an extra layer of security for your online accounts to prevent scammers from accessing them if they do manage to steal your credentials.
Finally, you want to protect your devices from the latest cyber threats by making sure you have one of the best antivirus programs installed and up-to-date on your computer. You also want to make sure that you're familiar with all of its features that can help you stay safe online like a VPN or a hardened browser.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
More from Tom's Guide
- Your banking apps can be fooled by these deepfake AI-generated videos – and you might not know they're on your iPhone
- Google just fixed a major Chrome zero-day flaw — update your browser right now
- Chrome could soon let you automatically upgrade from passwords to passkeys — here's how
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
