E-mail scam uses anti-terrorism hook
By Daniel Sieberg
The fraudulent site is designed to look like a legitimate government page.
E-mail filtering firms offer these tips for consumers to fight the 'phishing' scam:
Don't trust e-mail headers, which can be forged easily.
Avoid filling out forms in e-mail messages. You can't know with certainty where the data will be sent and the information can make several stops on the way to the recipient.
Try not to click on links in an e-mail message from a company. Too many scam artists are making forgeries of company's sites that look like the real thing.
If you go to a link offered in an unsolicited e-mail, check to see if there is an 's' after the http in the address and a lock at the bottom of the screen. Both are indicators that the site is secure.
If you want to do business online, don't click on an e-mail link. Go to the company's Web site yourself and fill out information there.
(CNN) -- E-mail users are being warned about a new identity theft scam that tries to snare victims by accusing them of violating the government's anti-terrorism Patriot Act.
The fraudulent message appears to be from the Federal Deposit Insurance Corporation (FDIC) and asks people to verify their identity by clicking on a bogus Web link.
"In cooperation with the Department of Homeland Security, Federal, State and Local Governments [sic] your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act," the fraudulent e-mail states.
It goes on to claim that the person's deposit insurance will be suspended until certain private information, such as a bank account number, is submitted.
Hundreds of complaints have been registered throughout the United States since Friday, the FDIC said, but there's no way of knowing exactly how many consumers may have fallen victim. The FDIC and the FBI are investigating the source of the fraudulent e-mails and seeking to disrupt them.
An FDIC official said Monday the federal agencies seemed to have effectively shut down the scam over the weekend, but the originators of the e-mail have changed their tactics. The agency said there are now a few versions of the fraudulent e-mail circulating, each steering users to different Web sites.
"Unfortunately, they're still at it," the FDIC representative said. "But it appears that most consumers are calling to ask about it before doing anything."
No one should access the Web link provided within the body of the e-mail in case it spawns a computer virus, the FDIC official added. She said although the fake Web sites look like the FDIC page, there was no computer intrusion at the FDIC offices.
The e-mails initially appeared to come from Pakistan, but now they seem to be coming from computers in Taiwan and China, the FDIC said. However, the stolen data appears to be funneled through an Internet address in Russia.
It's not unusual for Internet scam artists to hijack "innocent" computers in various parts of the world to cover their online tracks.
Spoofing a particular agency or company in an e-mail message is known as "phishing" or "carding."
If someone receives an apparent "phishing" message, the Federal Trade Commission (FTC) recommends that people contact the firm requesting the data by phone to verify the information. The FTC also suggests reviewing bank and credit card records on a regular basis, and reporting suspicious activity to the agency.
Previous "phishing" scams have targeted customers of companies such eBay, Citibank and PayPal.