The Role of the IC3 in Cybercrime Prosecution

If your business has been the victim of a cybersecurity incident, data breach, or other cybercrime, you may have had to decide whether to keep the incident to yourself, or report the crime to the police.  If you carry cyber insurance, reporting the crime is a requirement to file an insurance claim.  So you called the police and filed a report,  You may have been discouraged by the lack of enthusiasm on the part of the police, and the reality that because of the multi-jurisdictional and often international nature of these crimes, there may be little they can really do.

This is where the Internet Crime Complaint Center (IC3) comes in.  The IC3 is a department with the FBI, and their mission is to “provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity, and to develop effective alliances with industry partners. Information is analyzed and disseminated for investigative and intelligence purposes, for law enforcement, and for public awareness.”

The IC3 was established in 2000.  Their website at is set up to accept reports about Internet crimes.  Their role in the cybersecurity space is to act as a central repository of cyber-crime activity that can be used by individuals, businesses, law enforcement agencies, Including the FBI, DHS, and Interpol.  Their activities include:

  • Collection – It starts with victims filing a complaint online.
  • Analysis – The information is analyzed, and crimes with a common modus operandi are aggregated, and if the aggregated total amount of losses or victims are high enough, they will be assigned as a case.
  • Public Awareness – This information is used to provide public service announcements, scam alerts, and other publications.   This information is shared with other agencies such as US-CERT, who provides email alerts to those who subscribe.
  • Referrals – Once the IC3 has aggregated the crime data, the case is referred to local, state, federal, and international law enforcement for further investigation, leading to arrests of the bad actors and further adjudication and incarceration.
  • Database Access – The IC3 also provides access to their database by law enforcement personnel through the Law Enforcement Enterprise Portal (LEEP).

The report features a short section of IC3 success stories, such as an international investment scam in Houston, a harassment and extortion scheme if Los Angeles, a number of non-payment/non-delivery scams in San Diego and Knoxville, and an impersonation exploit in Knoxville.

Hopefully, you will see the advantages to reporting your cyber-crime incidents to the IC3 website.  By participating, there is a better likelihood that your attack may be aggregated and successfully prosecuted in the future.  If you have not take a look at the report yet, use the link below to open the PDF.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.