FBI’s Internet Crime Complaint Center (IC3) impersonators are copying the bureau’s site to steal people’s personal details and steer them into supplementary scams. The lookalike pages frequently resemble the genuine portal well enough that users attempting to report a crime inadvertently supply sensitive information to criminals instead.

Law enforcement calls these sites “spoofed”: near-perfect copies of the pages to which they redirect, and all created for names, addresses, phone numbers, emails, and banking details, or a pathway to fraught follow-on calls promising supposed fund recovery. And it’s not just a theoretical threat — the Department of Justice has found and investigated real fake versions of government pages, according to U.S. agencies.

Table of Contents

Here’s what to look out for in a spoofed FBI site scam
Why the FBI’s IC3 internet crime portal is targeted
How to confirm you’re on the actual IC3 site
If you’ve already entered information on a fake site
How authorities are responding to IC3 spoofing scams

The official seal of the Federal Bureau of Investigation ( FBI) mounted on a textured wall with green foliage in the background, resized to a 16: 9 aspect ratio.

Here’s what to look out for in a spoofed FBI site scam

Attackers register domains that nominally look real — what’s known as typosquatting — inserting small misspellings, adding characters, and using different top-level domains like .com or .org. They could also purchase search ads so the fake site shows up above the real result. The page usually mirrors the IC3 branding, there is official-sounding language, and forms requesting comprehensive personal and financial details.

A typical variation comes after victims admit they have used the spoofed website: They get a call or an email that appears to come from investigators, with a case number — followed by an appeal for payment in gift cards, cryptocurrency, or remote access to “continue the investigation” or “recover funds.” The real IC3 never charges for services, partners with private “recovery” services, or solicits money or credentials.

Why the FBI’s IC3 internet crime portal is targeted

IC3 is the national clearinghouse for online crime complaints, and it has received in excess of nine million complaints since its founding. In its most recent public data, the FBI observed that phishing and spoofing (the grim practice of sending you an email with a forged sender address), extortion, and compromising personally identifiable information all fall under top complaint categories, with losses reported to be in the tens of billions. That makes would-be complainants an attractive population to target for data theft and secondary scams.

Government-impersonation fraud is also among the top types of fraud reported to the Federal Trade Commission in its Consumer Sentinel reporting; in a report released last year, the agency found that the tactic was used in more than one million reports it received in 2018.

Two FBI agents in blue jackets with FBI in yellow on the back are seen from behind, holding up yellow crime scene tape. They are outdoors with a white truck, a car , and other people in the background .

How to confirm you’re on the actual IC3 site

Type it directly: Put ic3.gov in your browser’s address bar instead of clicking search results or links. Use caution with “Sponsored” results in search — ads are a well-known vector for getting users to lookalike pages.
Check the domain ending: A real federal government website will end with .gov, a closed top-level domain administered by the Cybersecurity and Infrastructure Security Agency. Criminals can’t legitimately register .gov domains, so a .com or .org variant is a red flag.
Check HTTPS, then look beyond the lock: Click the padlock to see who — if anyone — issued the certificate, ensuring it was issued to a .gov domain by a reputable issuer. Encryption alone doesn’t necessarily tell you the site is legit; the domain itself matters.
Make use of a saved bookmark: Once you’ve found the right place, save it so you can go back there later. This way you are less likely to search or typo into an impostor.
Look out for odd requests: The official IC3 will never demand payment, crypto transfers, remote desktop access to your device, bank logins, or full Social Security numbers in order to accept an actual complaint. If you receive such a request, take it as evidence that you’re dealing with an impostor.

If you’ve already entered information on a fake site

Act quickly. If you sent financial information, contact your bank or card issuer to flag the incident and monitor or lock accounts. If you provided some of your identity data, such as SSN or birth date, consider placing a fraud alert or credit freeze at the major credit bureaus.

Reset the passwords of any other accounts that are using the same or similar passwords and activate multifactor authentication where you can. Capture what occurred in screenshots and file a complaint with the authentic IC3 website; report government-impersonation with the Federal Trade Commission. Local law enforcement might also be able to file a report, which could assist in recovery and remediation efforts.

How authorities are responding to IC3 spoofing scams

Tracking down and shutting down fraudulent domains is a regular task for the FBI and its partner agencies, but the world of spoofing changes fast: typosquatting, paid search abuse, and homoglyph trickery all continue to evade filters. CISA’s oversight of the .gov extension helps lower the risk around official sites, but can’t prevent criminals from creating convincing replicas on other extensions.

The surest habit is also the easiest: double-check the address before you type, hit return, or click submit. When you report a crime, a few extra seconds to make sure that you’re at ic3.gov can make all the difference between getting help and giving scammers exactly what they need.