The FBI has issued a warning about a rise in counterfeit websites impersonating the Internet Crime Complaint Center (IC3) at www.ic3.gov. The look‑alike portals are designed to harvest personal and financial information and, in some cases, to facilitate fraudulent payments from victims who believe they are interacting with the official complaint system. The alert follows more than 100 complaints received in April 2025. The broader context underscores the stakes: IC3’s 2023 report recorded over 880,000 complaints and more than $12.5 billion in reported losses, illustrating why adversaries target high‑trust government brands.
How the IC3.gov impersonation works: typosquatting and domain spoofing
Threat actors register domains that visually resemble the legitimate ic3.gov address, then clone the design, wording, and branding of the authentic site. This “lookalike” approach—known as typosquatting—exploits minor variations (for example, swapping “ic3” for “icc3” or inserting extra characters) and top-level domain (TLD) substitutions such as .com or .net in place of .gov. Once victims engage, the fake forms capture personally identifiable information (PII) like full name, address, phone, email, and even payment details.
Recent examples highlighted by reporters include icc3[.]live, practicinglawyer[.]net, and ic3a[.]com. Notably, one clone reproduced an official warning from the real portal, attempting to build credibility by posing as a “protector” against scams.
Why the .gov domain matters
The .gov TLD is restricted to verified U.S. government entities, providing a strong trust signal when combined with the exact hostname www.ic3.gov. By contrast, .com, .net, and similar TLDs are open for public registration and are frequently abused in impersonation campaigns. Users should verify the entire URL in the address bar; a padlock icon alone is insufficient, as fraudulent sites can also obtain TLS certificates.
Malvertising via search ads increases exposure
According to the FBI, adversaries often promote these clones through paid search advertisements (a tactic widely referred to as malvertising). Because ads can appear above organic results and mimic legitimate listings, a single click may land users on a convincing fake. The bureau advises navigating to the site by manually entering https://www.ic3.gov or using a trusted bookmark rather than relying on search queries—especially when dealing with fraud reporting or financial matters.
Red flags and verification checklist for the IC3 website
Confirm the domain: The official portal is ic3.gov. Any variation, including .com, .net, .org, or misspellings like icc3, is suspicious.
Inspect the full
Assess the request: Demands for banking details, “processing fees,” or payments for refunds are not part of IC3’s process. The FBI states that IC3 does not contact victims directly to request money, gift cards, or cryptocurrency, nor does it refer people to paid intermediaries.
Use protective tools: Password managers auto‑fill only on exact domains, acting as a practical domain‑verification aid. Security‑aware users can also check the site’s certificate details in the browser.
FBI guidance and steps to take if you interacted with a fake IC3 site
Access the site safely: Navigate directly to https://www.ic3.gov via manual input or a saved bookmark. Avoid clicking search ads for fraud reporting.
Do not share sensitive data: Never send money, gift cards, or cryptocurrency to individuals you met online or over the phone claiming to be from IC3 or law enforcement.
If you already submitted data or paid: Immediately contact your bank or card issuer to block the card and flag potential fraud. Change any reused passwords and enable multi‑factor authentication everywhere possible. Then file a complaint through www.ic3.gov with full details of the incident.
Recommendations for organizations
Enterprises should implement DNS filtering and domain‑reputation controls to block known phishing domains, monitor lookalike domain registrations targeting their brand, and train employees to verify .gov addresses for government services. Endpoint protection and secure browsing policies further reduce exposure to malvertising.
Impersonating official resources remains a highly effective social‑engineering technique because it leverages urgency and trust. Slow down, verify the .gov domain, avoid search ads for sensitive tasks, and never transmit confidential data on unfamiliar sites. If suspicious activity is encountered, report it through the legitimate IC3 portal to support faster disruption of scams and help others avoid losses.
