- False IC3 -Webares fool users to give away personal and bank details
- Cyber criminals falsified reliable domains and pair them with phishing -e -emails for redirecting
- FBI warns counterfeit IC3 places may mislead victims trying to report cybercrime
Fake Internet Crime Clake (IC3) Sites used to scam people to give away sensitive personal and banking information, according to the Federal Bureau of Investigation (FBI).
The Bureau recently issued a new public service announcement to warn of the malicious landing pages, which is the US government’s most important hub for reporting cybercrime.
It collects complaints about online fraud, fraud, identity theft, ransomware and other internet-activated crimes and then shares it with law enforcement authorities to help investigate and track digital threats across the country and globally.
Imitation of the government
Anyone, be it victim or third party, can submit a report via IC3’s official site. Although not all cases get a direct answer, the data FBI helps to understand wider trends and intervene whenever possible.
“Threat actors create spoofed sites often by slightly changed properties of legitimate site domains for the purpose of collecting personally identifiable information entered by a user on the site, including name, home address, telephone number, e email address and bank information,” warned FBI.
E.g. Can forged site domains contain alternative spellings of words or use an alternative top-level domain to emulate a legitimate site.
Members of the public could unconsciously visit counterfeit sites while trying to find the FBI IC3’s Website to submit an IC3 report.
Cyber criminal counterfeit legitimate sites all the time. False Google or Amazon -Login pages have been created to steal the credentials of work area or cloud services. Failure Bank Pictures is created to trick people into transferring access to their bank accounts, and social media pages are counterfeit to access business accounts and propagate malware via paid advertising.
These sites are usually paired with a phishing -e -mail campaign used to redirect the victims without raising any suspicion.
Via Bleeping computer
