Steve Quayle News Alerts

January 26, 2004
By Daniel Sieberg
CNN

(CNN) -- E-mail users are being warned about a new identity theft scam that tries to snare victims by accusing them of violating the government's anti-terrorism Patriot Act.

The fraudulent message appears to be from the Federal Deposit Insurance Corporation (FDIC) and asks people to verify their identity by clicking on a bogus Web link.

"In cooperation with the Department of Homeland Security, Federal, State and Local Governments [sic] your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act," the fraudulent e-mail states.

It goes on to claim that the person's deposit insurance will be suspended until certain private information, such as a bank account number, is submitted.

Hundreds of complaints have been registered throughout the United States since Friday, the FDIC said, but there's no way of knowing exactly how many consumers may have fallen victim. The FDIC and the FBI are investigating the source of the fraudulent e-mails and seeking to disrupt them.

An FDIC official said Monday the federal agencies seemed to have effectively shut down the scam over the weekend, but the originators of the e-mail have changed their tactics. The agency said there are now a few versions of the fraudulent e-mail circulating, each steering users to different Web sites.

"Unfortunately, they're still at it," the FDIC representative said. "But it appears that most consumers are calling to ask about it before doing anything."

No one should access the Web link provided within the body of the e-mail in case it spawns a computer virus, the FDIC official added. She said although the fake Web sites look like the FDIC page, there was no computer intrusion at the FDIC offices.

The e-mails initially appeared to come from Pakistan, but now they seem to be coming from computers in Taiwan and China, the FDIC said. However, the stolen data appears to be funneled through an Internet address in Russia.

It's not unusual for Internet scam artists to hijack "innocent" computers in various parts of the world to cover their online tracks.

Spoofing a particular agency or company in an e-mail message is known as "phishing" or "carding."

If someone receives an apparent "phishing" message, the Federal Trade Commission (FTC) recommends that people contact the firm requesting the data by phone to verify the information. The FTC also suggests reviewing bank and credit card records on a regular basis, and reporting suspicious activity to the agency.

Previous "phishing" scams have targeted customers of companies such eBay, Citibank and PayPal.

http://www.cnn.com/2004/TECH/internet/01/26/email.scam/index.html