It has been quite the week for warnings alerting the public to be aware of attackers using fake this and cloned that in order to hack their accounts, compromise data, or just plain steal their money. Amazon has sent a warning email as brand impersonators go on the attack during the Black Friday sales, owners of web domains have been warned of name registration renewal attacks, and Netflix and PayPal users have also been told to pay close attention as Matrix hackers go on the cyber-offensive. The Federal Bureau of Investigation, meanwhile, has its own impersonation issues to deal with, as it has confirmed that hackers are pretending to be the Feds to pull off various scams. Here’s what you need to know about the FBI public service security announcement.
Fake Feds Pose As The FBI Internet Crime Complaint Center
The FBI is most often to be found issuing public service announcements and security advisories regarding threats such as password reset campaigns, or providing two-factor authentication advice in the light of ongoing attacks, and sometimes even confirming it remotely deleted malicious files from thousands of computers.
It is much less common to see an alert, specifically I-091925-PSA, that addresses hackers impersonating the Feds themselves in order to scam the public. Yet here we are. “Threat actors are spoofing the FBI Internet Crime Complaint Center government website,” the FBI said, warning that “members of the public could unknowingly visit spoofed websites while attempting to find FBI IC3’s website to submit an IC3 report.”
The consequences of so doing, the FBI continued, could include theft of personal information and the facilitation of financial scams. Specifically, the PSA warned that attackers could use the fake IC3 site to get a victim to enter details such as name, home address, phone number, email address, and banking information.
Mitigating The Fake FBI Site Threat
The FBI went on to recommend everyone takes note of the following mitigations against being conned by the fake Feds and their cloned IC3 sites:
- Always type www.ic3.gov directly into a browser rather than clicking links, including those from search engine results.
- Talking of which, avoid any sponsored results that appear in search engines, as these can be manipulated by hackers looking to divert traffic to their malicious sites.
- Always verify that the site you are at ends with (dot) gov.
The FBI confirmed that the IC3 will “never ask for payment to recover lost funds, nor will IC3 refer someone to a company requesting payment for recovering funds,” nor does it “maintain any social media presence.” So, now you are armed with the facts, don’t get stung by the fake Feds.

