Warning: Scammers Are Using a Fake FBI Website to Steal Your Information
In a bold and deceptive new tactic, cybercriminals are impersonating one of the very agencies designed to protect you: the FBI. A recent federal alert warns the public of a sophisticated scam involving fraudulent websites designed to look exactly like the official FBI Internet Crime Complaint Center (IC3).
These fake sites are not just for show; they are the final step in a multi-stage con designed to steal your personal data and drain your bank accounts. Understanding how this scam works is your first and best line of defense.
How This Deceptive Scam Works
The scheme is dangerously effective because it combines common scam tactics with the perceived authority of a federal law enforcement agency. Here’s a step-by-step breakdown of how criminals are luring in their victims:
- The Initial Contact: The scam almost always begins with an unsolicited phone call or email. The criminals often impersonate well-known tech support companies, such as Geek Squad or Norton, or a financial institution.
- The False Problem: They will claim you are owed a refund, have been accidentally overcharged, or that your account has a serious security breach. The story is designed to create a sense of urgency and confusion.
- The Malicious “Solution”: To “fix” the issue or process your “refund,” the scammer will guide you through a series of steps. This frequently involves convincing you to grant them remote access to your computer.
- The Final Trap: The scammer then directs you to what appears to be the official FBI IC3 website to fill out a form. However, this is a fraudulent, look-alike website controlled by the criminals. They may claim this is necessary to officially document the refund or security incident.
- Information and Financial Theft: Any information you enter on the fake site—including your name, address, social security number, and banking details—goes directly to the scammers. If they have remote access to your computer, they will use this information to log into your real bank accounts and transfer money out while you are distracted by the fake form.
Key Warning Signs of an Impersonation Scam
Vigilance is crucial. Scammers rely on you being too flustered to notice the red flags. Be on the lookout for these warning signs:
- Unsolicited Tech Support Calls or Emails: Legitimate companies will not contact you unexpectedly about a problem with your computer or a surprise refund. If you did not initiate the contact, treat it with extreme suspicion.
- High-Pressure Tactics: Scammers will insist the problem is urgent and must be fixed immediately. They do this to prevent you from having time to think critically or consult with someone else.
- Requests for Remote Access: Never grant a stranger remote access to your computer. This is like handing them the keys to your digital life.
- Directions to a Website to Enter Financial Details: A real tech support agent or government agency will never guide you to a web form to enter your bank login credentials or personal financial data to resolve an issue.
Your Most Important Defense: Always Verify the Website
Criminals are experts at creating convincing forgeries. The fake websites often use official-looking logos, colors, and layouts. However, there is one thing they cannot fake: the official web address.
The only official FBI Internet Crime Complaint Center website is https://www.ic3.gov.
Before you ever enter information on a government website, carefully check the URL in your browser’s address bar. Look for:
- The correct domain: It must end in .gov. Scammers will often use similar-looking domains like
ic3-gov.comorfbi-claims.org. - Spelling mistakes: Look for subtle misspellings in the domain name.
- Secure Connection: Ensure the address begins with
https://, indicating a secure connection.
What to Do If You Suspect You’re a Victim
If you believe you have been targeted by this or a similar scam, take these steps immediately:
- Stop All Communication: Hang up the phone and do not reply to any more emails or messages from the suspected scammer. If you granted remote access, immediately shut down your computer to sever the connection.
- Contact Your Financial Institutions: Call your bank and credit card companies directly using the phone numbers on the back of your cards. Report the fraudulent activity, check for unauthorized transactions, and consider placing a freeze on your accounts.
- File an Official Report: Report the incident to the real Internet Crime Complaint Center at ic3.gov. Providing details of your experience can help law enforcement track and stop these criminal operations.
- Secure Your Computer: Run a full scan with reputable antivirus and anti-malware software to check for any malicious programs the scammers may have installed. Consider changing critical passwords for your email, banking, and other sensitive accounts.
By staying informed and skeptical, you can protect yourself from these increasingly sophisticated online threats. Always remember to pause, think, and verify before ever sharing personal information or providing access to your devices.
Source: https://securityaffairs.com/182449/cyber-crime/fbi-alerts-public-to-spoofed-ic3-site-used-in-fraud-schemes.html
