Or: "Quis custodiet ipsos custodes?"
In cases reminiscent of the recently-reported impersonations of the United States Patent and Trademark Office (USPTO)[1], the US Internet Crime Complaint Center (IC3) (Figure 1) - operated in partnership with the FBI - recently also warned of a spate of impersonation attacks. In many cases these utilised e-mail, telephone, or social-media-based approaches, often targeting victims of previous scams under the guise of providing assistance, support or fund recovery, with a view to 'revictimising' these individuals[2].
.jpg)
Figure 1: The IC3 official website, at ic3[.]gov
In this analysis, I consider the landscape of gTLD domains with names beginning 'ic3', many of which (where not used by third parties legitimately using the same abbreviation) may have significant potential for use in IC3 impersonation scams.
As of 18-Apr-2025, there are 896 such domains. Many of these actually comprise long, apparently-random strings of 32 characters in length or greater and - whilst potentially relating to automated registrations which may be associated with infringing activity - are unlikely to be targeting the IC3 specifically. Removing these examples leaves a remaining dataset of 489 domains, of which 3 appear to be official (either ic3[.]gov itself, or domains which re-direct to it).
Of the third-party domains, 222 resolve to some sort of live website response, and a total of 41 include some sort of high-risk keyword ('gov', 'usa', 'support', 'help', 'complain*' or 'cyber') - implying that, even if not in active use as part of a scam, they may be intended for activation for fraudulent use in the future.
Many of these domains do appear to be associated with legitimate third-party use, but there are at least three examples resolving to live websites which appear to be exhibiting fraudulent, impersonation-based activity (or appear likely to do so in the future) (Figure 2).
Figure 2: Examples of probable IC3 impersonation websites - top to bottom: ic3[.]uno, ic3fbi[.]org, ic3govusfraudftc[.]net
Given the FBI's resources and apparent appreciation of the importance of reporting related scams of which they have been made aware, it is concerning that such a simple search is able to identify a number of examples of active websites of concern, and suggests that this type of proactive monitoring is not being actively carried out. The results once again highlight the importance of employing programmes of brand monitoring and enforcement to tackle such scams as they arise.
References
[2] https://www.linkedin.com/feed/update/urn:li:activity:7319031085093269504/
This article was first published on 19 April 2025 at:
No comments:
Post a Comment