CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Fake FBI crime reporting portals used in cybercrime campaigns

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Cybercriminals are impersonating the FBI's Internet Crime Complaint Center (IC3) website to conduct financial scams and steal personal information. Spoofed websites mimic legitimate domains to deceive users into entering sensitive data. The FBI issued a public service announcement warning about this tactic, which has been reported over 100 times since December 2023. The FBI advises users to directly enter the official IC3 URL in their browser and avoid clicking on sponsored search results. Users should also refrain from sharing personal information with unknown individuals and avoid sending money or financial assets to them. The FBI will never contact victims directly to ask for payment to recover stolen funds.

Timeline

  1. 19.09.2025 19:43 1 articles · 10d ago

    FBI warns of fake IC3 portals used for cybercrime

    The FBI issued a warning about cybercriminals impersonating the IC3 website to conduct financial scams and steal personal information. Spoofed websites mimic legitimate domains to deceive users. The FBI has received over 100 reports of this tactic since December 2023. Examples of spoofed domains include icc3[.]live, practicinglawyer[.]net, and ic3a[.]com. The FBI advises users to enter the official IC3 URL directly in their browser and avoid sharing personal information with unknown individuals.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Increased Browser-Based Attacks Targeting Business Applications

Browser-based attacks targeting business applications have surged, exploiting modern work practices and decentralized internet apps. These attacks, including phishing, malicious OAuth integrations, and browser extensions, compromise business apps and data by targeting users. The attacks leverage various delivery channels and evasion techniques, making them difficult to detect and block. Phishing attacks have evolved to use non-email channels such as social media, instant messaging apps, and malicious search engine ads. These attacks often bypass traditional email security controls and are harder to detect. Attackers exploit the decentralized nature of modern work environments, targeting users across multiple apps and communication channels. Non-email phishing attacks can result in significant breaches, as seen in the 2023 Okta breach. The rise in these attacks highlights the need for enhanced browser security measures and better visibility into user activities within the browser.

Open in new tab

PyPI implements expired domain checks to prevent account takeovers and supply chain attacks

The Python Package Index (PyPI) has implemented a new security measure to check for expired domains, blocking over 1,800 email addresses tied to expired domains since June 2025. This update targets domain resurrection attacks, where malicious actors exploit expired domains to gain unauthorized access to PyPI accounts. PyPI uses Domainr's Status API to determine a domain's lifecycle stage and mark email addresses as unverified, preventing password resets and other account recovery actions. Users are advised to enable two-factor authentication (2FA) and add a secondary verified email address from a notable domain to enhance security. Additionally, PyPI has warned of a new wave of phishing attacks using fake websites to steal user credentials, advising users to change passwords and use phishing-resistant 2FA methods.

Open in new tab