The FBI has warned hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam.
In an alert issued on Thursday (1 February), the agency said it has received "numerous" complaints from citizens reporting they received emails purporting to be from the FBI's Internet Crime Complaint Center (IC3), which allows victims of Internet crimes to file a complaint via their website.
The FBI has identified four variations of the scam that claim the recipient has been a victim of a fraud scheme or a cybercrime, and requests them to provide personal and sensitive information to receive restitution. To make the email seem legitimate, it also includes hyperlinks to news articles that detail the recent arrest of an internet fraudster.
Attached to the fraudulent email is a text document for users to download, complete and return to the threat actors. The .txt file itself is laden with malware designed to further compromise the user's data.
One phishing email involved a fake IC3 social media page that requested recipients to provide personal information to report an internet crime. A second stated the person was eligible to receive restitution as the victim of a recent fraud scheme.
"The perpetrator and his group of co-offenders had over 2000 aliases originating from Russia, Nigeria, Ghana, London, and many more masking their original identities," the hackers' email read. "Our records indicate that you have been a victim of fraud because your contact details were found on several devices belonging to the perpetrator."
It added that the recipient can claim restitution payments of £1.5m ($2m approx).
Another email stated that the recipient was "treated unfairly by various banks and courier companies" and claimed their name was uncovered in a financial company's database that lists victims whose funds were sent to Nigeria and other countries. It also promised the recipient that they will be compensated for "this unfair treatment".
The fourth email claimed to be from the Internet Crime Investigation Center/Cyber Division and even included a fake case reference number. It informed the recipient that their IP address has been found to be a possible victim of a federal cybercrime and asked the recipient to contact the sender via telephone.
"As of December, 2017, the IC3 had received over 100 complaints regarding this scam. No monetary losses have yet to be reported," the FBI said.
The US Department of Homeland Security has also issued an advisory on the phishing campaign.