Checklist 444: Spoofing the FBI and Doctors without Manners

FBI Warns: Scammers Are Spoofing Its Own Website

In a twist straight out of a cybercrime comedy, the FBI has issued a public service announcement warning that criminals are spoofing its own Internet Crime Complaint Center (IC3) website—the very site meant to help victims of online fraud.

According to the Bureau’s advisory, threat actors are creating fake IC3 websites designed to mimic the real one—IC3.gov—to trick victims into surrendering sensitive personal data, from home addresses to banking information. These fake domains often use minor variations of the real address, such as IC3gov.com or ICC3.com, or rely on “sponsored” search results to lure unsuspecting visitors.

“Avoid any sponsored results,” the FBI cautioned, “as these are usually paid imitators looking to deter traffic from the legitimate IC3 website.”

ZDNet highlighted how subtle misspellings or top-level domain swaps are enough to fool many users into clicking. The FBI further advised the public to verify URLs carefully, ensure any government site ends in “.gov,” and remember that IC3 never asks for payment or operates on social media.

For anyone uncertain about a site’s legitimacy, SecureMac recommends using reputation-checking services like URLScan.io or WebSafely.net to confirm whether a link is safe.

If you suspect you’ve stumbled upon—or fallen victim to—a spoofed IC3 website, the Bureau wants to hear about it. And yes, you should report it at the real address: IC3.gov.

Doctors Imaging Group Takes Nearly a Year to Disclose Data Breach — Offers Victims “Nothing”

In a move critics are calling tone-deaf, Florida-based Doctors Imaging Group (DIG) has informed nearly 172,000 patients that their personal and medical information was stolen — nearly a year after the breach occurred. The notification, sent in October 2025, follows an attack that took place in November 2024, according to a report by The Register.

The stolen data reportedly includes admission dates, medical record numbers, insurance details, treatment information, and financial account data, along with the usual PII such as names, addresses, birthdates, and Social Security numbers. Despite the sensitivity of the data, Doctors Imaging Group has not offered affected patients any complimentary identity theft protection or credit monitoring — a gesture that has become standard after such breaches.

In its letter to patients, the company stated it “moved quickly to respond and investigate” and had notified law enforcement and regulators. However, critics note that DIG completed its investigation in August and waited until October to inform patients — a delay that raises questions about what “quickly” really means.

While The Register found no evidence the attack involved ransomware, the nature of the breach remains unclear. The company says it is now reviewing cybersecurity policies and assessing new tools to prevent future incidents.

Instead of offering paid protection, DIG advised victims to monitor their accounts, request free annual credit reports, and place fraud alerts with credit agencies — effectively leaving them to manage the fallout on their own.

As The Register dryly summarized: “Doctors Imaging Group did not offer victims complimentary identity theft or like services from any of the three big credit agencies.”