'Phishing' Scam Uses FDIC as Bait -- Internet Scams

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, 2, 3, [4] ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 22:36:21 02/02/04 Mon
Author: Benny
Subject: 'Phishing' Scam Uses FDIC as Bait
In reply to: Dummy 's message, "Scammers Go "Phishing" for Identity and Financial Information" on 05:58:19 01/29/04 Thu

'Phishing' Scam Uses FDIC as Bait

By Don Oldenburg
Washington Post Staff Writer
Tuesday, February 3, 2004; Page C10

Jim Morris says he was skeptical last week when he received two nearly identical e-mails six minutes apart, both purporting to come from the Federal Deposit Insurance Corp.

"This thing was slick enough that I could easily see someone falling for it and really getting taken to the cleaners," says Morris, a savvy computer user who immediately right-clicked the e-mails to access document properties and see who really sent them. Neither came from the FDIC.

Morris, co-owner of an environmental consulting firm in Jarrettsville, Md., had found perhaps the boldest "phishing" expedition so far to hit the in-boxes of unsuspecting Americans in search of private financial information.

The spam had an authoritative letterhead and tone, and stated that Homeland Security Secretary Tom Ridge had advised the FDIC to suspend deposit insurance on the recipient's bank account due to suspected violations of the USA Patriot Act. To reactivate the insurance, the recipient had to verify personal information, including bank account numbers -- via the link that supposedly connected to the FDIC. The phony site mimicked the real FDIC home page.

Washington resident Margaret Bressette got a similar e-mail -- hers from "U.S. Bank." It said her account had been closed after being "compromised by criminals involved in money laundering, illegal drugs, terrorism" and said her account would be frozen until she "verified her identity" by providing credit card and ATM numbers and PINs. The Web site appeared to be connected with the legitimate U.S. Bancorp Web site.

Bressette, a Foreign Service retiree, wasn't fooled by the spam but still felt relieved when her debit card worked at the grocery store.

Since the Consummate Consumer reported on unscrupulous phone-callers trying to entice people to divulge private financial information by impersonating credit-card security agents ("Don't Get Hooked by Phishing," Jan. 20), so-called phishing scams have spread rapidly in the bottom-feeder world of spamming.

"They are a growing problem to say the least," says FBI spokesman Paul Bresson.

Designed to appear as legitimate e-mails from trusted institutions such as banks, government agencies and online companies, phishing spams and their bogus Web links are a guise for identity-theft crooks. In the recent past, they have used mock-up Web sites to resemble those of PayPal, eBay, Best Buy and Citibank. One even masqueraded as the FBI. "That just goes to show that they're not going to stop at anything," says FDIC spokeswoman Elizabeth Ford.

After the FDIC issued a warning last week, 8,000 people who received the bogus e-mail contacted the FDIC hotline and Web site. Of those, 39 had provided their personal information, says FDIC spokeswoman Elizabeth Ford.

Marty Lindner of US-CERT (the U.S. Computer Emergency Readiness Team, a new partnership between Homeland Security's National Cyber Security Division and the private sector) says, "There is clearly a market and people who are willing to click on these things and follow through with them."

You don't have to fool most of the people to make phishing spams profitable, says Doug Peckover, founder and president of Privacy Inc. "We see one in 100,000 to be profitable," he says, explaining that phishing scammers will spam 5 million e-mail addresses to harvest 50 identities.

"These are two major problems -- spam and identity theft -- that are suddenly being served up in a very dangerous way," says Peckover, whose Dallas-based company last month launched a $39.95-a-year service, My Privacy Policy, that blocks spams and phishing scams.

Ford advises consumers who were fooled to contact their banks immediately: "If they gave out their ATM number and PIN, they need to figure out the best approach with their bank . . . such as closing the account," she says. "Our main message is that consumers should never provide personal financial information in response to unsolicited requests, no matter how legitimate they may appear

[ Next Thread | Previous Thread | Next Message | Previous Message ]

[ Contact Forum Admin ]

Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums^(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.