January 23, 2004 3:29 PM PST
E-mail scam taps antiterrorist push, says FDIC
The fraudulent e-mail claims to be from the FDIC and informs recipients that their bank account has been denied insurance as a result of an investigation by the U.S. Department of Homeland Security into "suspected violations of the Patriot Act." The USA PATRIOT Act, which was passed after the Sept. 11 attacks, gives broad powers to law enforcement to combat terrorism.
"Someone really did their homework," said David Barr, a spokesman for the FDIC, adding that the letter is mostly free of the grammatical and spelling mistakes that usually act as a sign that the message is not genuine. Moreover, citations of the little-understood antiterrorism law, whose acronym stands for "Uniting and Strengthening of America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism," lend the message a dire tone.
"The Patriot Act is an actual act out there. It's done through Homeland Security, and it's used to block the flow of money," making the fraudulent e-mail seem at least plausible, Barr said.
The FDIC sent out the advisory after being inundated with complaints from consumers, who were worried that their bank accounts wouldn't have the $100,000 protection historically guaranteed by the FDIC.
The scheme is only the latest attempt to get personal and financial information through fraud, a criminal activity known as "phishing." Similar messages have targeted customers of Citibank, Wells Fargo, PayPal and other financial companies, but haven't cited the USA PATRIOT Act.
The latest letter states that unless recipients confirm their personal information by going to what looks like an FDIC Web site, their account will lose its protection. The link to the Web site provided in the e-mail message leads to a server in Karachi, Pakistan, CNET News.com has discovered. Moreover, the link is formatted to take advantage of an Internet Explorer flaw that allows an attacker to hide the true destination of the link; in this case, the address bar in Internet Explorer displays "www.fdic.gov," while the actual Web site is at a different address in Pakistan.
The IE issue is more than a month old and has yet to be fixed by Microsoft.
"Microsoft is taking this vulnerability very seriously and is working to develop a patch to fix the problem," a company spokesperson said. "We will release this patch as soon as the development and testing process is complete."
Microsoft is directing users to a Knowledge Base article for more information.
"The FDIC is attempting to identify the source of the e-mails and disrupt the transmission," the agency's advisory stated. "Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to firstname.lastname@example.org."