Internet Crime Complaint Center Impersonated for Malware & Phishing Scam

Another day, another phishing scam – This time, hackers are impersonating Internet Crime Complaint Center (IC3) to conduct malware and phishing scam.

The Federal Bureau of Investigation (FBI) has identified a new phishing scam where hackers have created a fake federal online crime complaint portal (Internet Crime Complaint Center (IC3) on social media to deceive users into giving out their private and confidential data. The FBI has also issued a security alert on 1st February informing that it has received complaints from numerous citizens who have reported about receiving emails from the Internet Crime Complaint Centre (IC3).

The FBI noted: “As of December 2017, the IC3 had received over 100 complaints regarding this scam. No monetary losses have yet to be reported.”

It must be noted that the IC3 forum lets users file a complaint to the FBI. The scam email has four different variations, according to the FBI, and each of them claims that the recipient has become a victim of cybercrime or fraudulent campaign and therefore, the complaint center requires private, sensitive data to compensate for the loss. The email has been created in a way that it looks legit; such as it contains hyperlinks to certain news articles that are related to capturing of an online scammer.

This fake email also contains a text document that is to be downloaded by the users in order to complete the task. However, this document is infected with malware, which is embedded to further extend the data theft process. In one of the emails, a fake IC3 social media page is also evident that asks recipients to enter personal data if they want to report about any online fraud or cybercrime.

In another email, the recipient was informed that he or she has become eligible to receive compensation from the IC3 for being a victim of a recent scam and recipient can claim up to $2m or £1.5m as restitution payment. The content of one of the emails read:

“The perpetrator and his group of co-offenders had over 2000 aliases originating from Russia, Nigeria, Ghana, London, and much more masking their original identities. Our records indicate that you have been a victim of fraud because your contact details were found on several devices belonging to the perpetrator.”

In another fake email, the recipient was informed that for being treated unfairly by courier companies and banks, the victim is found eligible for restitution. The fourth email contained a form from the Internet Crime Investigation Center/Cyber Division and also had a fake case reference number. The email informed the recipient that the IP address that is being used is involved in a federal cybercrime, therefore, the recipient is required to contact the sender through the phone.

Internet Crime Complaint Center Impersonated for Malware & phishing scam
Screenshots of fake emails sent by hackers (Open in new tab for better preview).

The US Department of Homeland Security has also issued a security advisory citing the ongoing malware and phishing scam in the name of IC3.

Remember, cybercriminals have become persistent and sophisticated in their phishing attacks which has allowed them to steal millions of dollars from unsuspected users. In just last one week there have been three phishing attacks in which scammers stole $900,000 from Harris County, Texas, $150,000 in Ethereum from Experty ICO and $1M worth of Ethereum in BeeToken’s ICO as a result of a phishing scam.

Image credit: DepositPhotos/Leremy

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.