1. News & Issues
About.com
Urban Legends
FDIC Email 'Phishing' Scam
Netlore Archive:  A fraudulent email purporting to originate from the FDIC uses scare tactics referencing the Department of Homeland Security and the U.S.A. Patriot Act to con users into divulging personal information on a fake government Website

Description:  Email Scam
Status:  Fraudulent
Circulating since:  Jan 23, 2004
Analysis:  See below		  


Email example contributed by Bill P., 23 Jan. 2004:

To whom it may concern;

In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.

As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.

Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.

http://www.fdic.gov/idverify/cgi-bin/index.htm

Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.

Donald E. Powell

Chairman Emeritus FDIC

John D. Hawke, Jr.

Comptroller of the Currency

Michael E. Bartell

Chief Information Officer


Comments:  This hoax message, spammed to untold thousands on January 23, 2004, constitutes a new wrinkle on what is fast becoming one of the most prevalent forms of Internet fraud: "phishing."  This method of identity theft involves the use of "spoofed" email and/or Web addresses to trick victims into believing they are communicating with a trusted source, such as a bank or high-profile corporation, and revealing personal information pertaining to credit card, ATM or other financial accounts.

In the present case, the perpetrators are actually trying to convince potential victims they are being contacted by an agency of the U.S. government. Not only that, it is claimed that the recipient of the message may be in violation of the U.S.A. Patriot Act, flagged as such by Director of Homeland Security Tom Ridge himself!

The embedded link, which appears to go to a so-called "IDVerify" page on the FDIC Website (a page which doesn't exist, by the way), redirects users to a different site entirely (http://202.63.206.88/index.htm), which wasn't functional when I attempted to access it but was presumably rigged with a fill-out form meant to extract private financial information and funnel it to the scammer(s).

Contacted by phone, a representative of the FDIC confirmed that the message is fraudulent. A special alert has been posted on the agency's Website.


Precautions:  The U.S. Federal Trade Commission recommends taking the following precautions to avoid Internet identity theft:

  • If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.

  • Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.

  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

  • Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.


Email This Article


Sources and further reading:

FDIC Consumer Alert: Fraudulent Emails
FDIC Website, 23 January 2004

'Spoofing' and 'Phishing' and Stealing Identities
About U.S. Gov Info/Resources

'Phishing' Scams Reel in Your Identity
CNN, 22 July 2003

How Not to Get Hooked by a 'Phishing' Scam
Federal Trade Commission consumer alert


Last updated: 01/23/04


Current Netlore
The Urban Legends Top 25

Discuss in my forum

©2013 About.com. All rights reserved.