Fraud flip: Scammers spoof FBI IC3 website, impersonate staff

How cybercriminals are exploiting trust to steal personal and financial information

Takeaways

• Scammers are spoofing the official FBI IC3 website and impersonating FBI staff to steal personal and financial information.
• The FBI has issued multiple warnings in 2025 about these sophisticated fraud schemes targeting victims of online financial scams.
• Fraudsters use fake personas and convincing websites to trick victims into sharing sensitive data, leading to further financial losses.
• Always verify you are on the legitimate IC3 website (ic3.gov) and be wary of unsolicited contacts claiming to be from the FBI.

The FBI's Internet Crime Complaint Center (IC3) is a valuable resource for fighting fraud. The website offers tips to reduce risk, channels to report financial fraud, and research to track yearly losses. For example, in 2024, IC3 received more than 890,000 complaints, totaling losses of $16 billion. 

Cyberscammers, however, have found a workaround: Spoofing the IC3 site and impersonating FBI staff. The problem has gotten bad enough that the FBI issued warnings in April and September 2025, and the official IC3 homepage now features a banner with warnings about potential scams.

Here's what you need to know about the anatomy of these attacks and what you can do to stay safe.

Imitation: The (seemingly) sincerest form of fraud

In April 2025, the FBI issued a public service announcement about an ongoing fraud scheme. Between December 2023 and February 2025, the agency fielded more than 100 IC3 impersonation complaints. For scammers, the goal was simple: Pretend to work with the FBI, then convince victims that their money had been recovered, or offer help in recovering the funds. Once fraudsters gained victims' trust, they would collect personal information and use it to steal more money.

According to the FBI, the scam started with initial contact. Fraudsters would reach out to victims via emails, phone calls, social media sites or online forums for financial fraud victims.

For example, in the case of online fraud forums, scammers created fake female personas who claimed to be victims. After sharing their "experiences," they would recommend that other victims reach out to a male persona, often said to be the "Chief Director" of the IC3. Victims were directed to connect with this individual through the Telegram app. The "director" would then offer help but require victims to provide their personal and financial details, at which point they were revictimized. 

Spoofing: What you see isn't always what you get

September 2025 saw another warning from the FBI, this time for threat actors spoofing the official IC3 website. 

The official — and only — website is ic3.gov. Anything else is a spoof. Unfortunately, these fake fraud reporting sites can be quite convincing. Scammers often use the same fonts, colors and layouts as the original to trick victims into believing they've landed on the right site.

Once users are convinced that what they're seeing is the real deal, they're often willing to provide private information such as their name, date of birth, Social Security number, and even their banking information. Using these details, threat actors may be able to gain access to financial accounts, reset passwords and lock out legitimate users before transferring their money, running up credit card debt or creating new accounts.

Even worse is that in many cases, victims don't realize they've been scammed again. Instead, they're under the impression they've reported a fraud to the FBI, making them less likely to suspect the scam. 

Five tips for staying safe

Fraud is frustrating and demoralizing. Victims often feel hopeless and helpless, leaving them vulnerable to revictimization. Avoid secondary scams with these five tips.

1. Only respond to law enforcement officers or FBI field agents about your fraud

The IC3 does not directly contact individuals via phone calls, emails, social media messages, or on forums. Any person claiming to be from the IC3 on one of these channels is lying. While the FBI may request more information about your fraud report, they will do so via local law enforcement officers or FBI field agents. 

2. Remember the IC3 does not work with third-party providers and will not ask for money

The FBI does not work with third-party, non-law enforcement organizations to investigate fraud or recover stolen funds. In addition, the agency does not ask for payment to recover lost funds or refer users to a for-pay organization. Any request for cash, gift cards or other items of value indicates a scam. 

3. Avoid search engines; type IC3.gov directly into your web browser

Using a search engine may direct you to a spoofed page. For example, scammers often pay for "sponsored" pages that are imitators rather than the actual IC3. Limit the risk of getting spoofed by manually entering IC3.gov into your browser.

4. Do not share financial information online

Although law enforcement agents may ask about the financial details of your fraud in person, the IC3 will never ask for your banking information online. Any website or individual asking for this data is not working for the FBI and does not have your best interests in mind.

5. Always consider the source

Forums and social media sites can offer solid advice for fraud victims. But that's all it is — advice. The IC3 does not have a social media presence, and they do not post on forums. If the source of your information is not from IC3.gov or directly from local law enforcement, take it with a (large) grain of salt.

Frustrating the fraudsters

The IC3 helps track and manage fraud complaints and provides valuable advice to help Americans avoid common scams. Its popularity, however, makes it a target for criminals looking to leverage its trusted reputation as a means for secondary scams.

While it's impossible to completely eliminate the risk of fraud, users can take steps to reduce their risk: Always type the website directly into the search bar, always check links to ensure they end in .gov, and remember that the IC3 will never contact victims directly.