Phishing schemes
Phishing schemes are email scams designed to trick recipients into releasing personal account information, usually by persuading them to open an email attachment or follow a website link whereupon they are prompted for everything from bank card PIN numbers to social secuirty numbers and other critical financial details.
URL spoofing
The FDIC email is just one of several email scams designed to trick users into following a specially crafted link which appears to take them to a legitimate site (in this case, the FDIC's), when in fact the site is someplace else entirely and run by criminals. In the past, simply verifying the correct address existed in the address bar sufficed to determine the legitmacy of the site. However, a recently discovered flaw can be exploited to effectively mask the site's true identity causing the web address of the legimate site to erroneously appear in the address bar of the browser.
This flaw has also been exploited in a similar phishing scheme affecting Citibank customers. For more on the implications of this browser flaw, see: IE Flaw could lead to phishing expedition
FDIC phishing email
The FDIC phishing email reads as follows:
- Subject: Important News About Your Bank Account
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.
http://www.fdic.gov/idverify/cgi-bin/index.htm
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
The fraudulent email is followed by names of several 'officials' in order to make it appear legitimate. The link displayed in the email actually points to the IP address 202.63.206.88, registered to Aly Ramzan of CubeXS Private Limited, presumably an ISP in Pakistan.
