E-mail scam taps antiterrorist push, says FDIC
The fraudulent e-mail claims to be from the FDIC and informs recipients that their bank account has been denied insurance as a result of an investigation by the U.S. Department of Homeland Security into "suspected violations of the Patriot Act." The USA PATRIOT Act, which was passed after the Sept. 11 attacks, gives broad powers to law enforcement to combat terrorism.
"Someone really did their homework," said David Barr, a spokesman for the FDIC, adding that the letter is mostly free of the grammatical and spelling mistakes that usually act as a sign that the message is not genuine. Moreover, citations of the little-understood antiterrorism law, whose acronym stands for "Uniting and Strengthening of America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism," lend the message a dire tone.
"The Patriot Act is an actual act out there. It's done through Homeland Security, and it's used to block the flow of money," making the fraudulent e-mail seem at least plausible, Barr said.
The FDIC sent out the advisory after being inundated with complaints from consumers, who were worried that their bank accounts wouldn't have the $100,000 protection historically guaranteed by the FDIC.
The scheme is only the latest attempt to get personal and financial information through fraud, a criminal activity known as "phishing." Similar messages
The latest letter states that unless recipients confirm their personal information by going to what looks like an FDIC Web site, then their account will lose its protection. The link to the Web site provided in the e-mail message leads to a server in Karachi, Pakistan, CNET News.com has discovered. Moreover, the link is formatted to take advantage of an Internet Explorer flaw that allows an attacker to hide the true destination of the link; in this case, the address bar in Internet Explorer displays "www.fdic.gov," while the actual Web site is at a different address in Pakistan.
The IE issue is more than a month old and has yet to be fixed by Microsoft.
"Microsoft is taking this vulnerability very seriously and is working to develop a patch to fix the problem," a company spokesperson said. "We will release this patch as soon as the development and testing process is complete."
Microsoft is directing users to a Knowledge Base article for more information.
"The FDIC is attempting to identify the source of the e-mails and disrupt the transmission," the agency's advisory stated. "Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov."