Spoof E-Mail Claims to Come from FDIC
Numerous consumers have reported to the "Federal Deposit Insurance Corporation" (FDIC) about the e-mails that they have received and appear to come from FDIC. The "From" section of the mail writes the name "Federal Deposit Insurance Corporation" & the subject of the e-mail says "Important: Notification from Federal Deposit Ins. Corporation".
The message body of the e-mail says that the FDIC received an application from the recipient's bank to make sure that his/ her checking or savings account is protected against fraud, phishing or identity theft. The mail further says that if the recipient agrees, then he/ she should enroll in the FDIC protection system.
The e-mail is actually an absolute fraud and was never sent by FDIC. It is an effort to gather personal financial information of consumers. The e-mail lures the recipient to click on a link provided in it, which takes the recipient to a fake web page.
The e-mail scam apparently has the form of a text e-mail with a link, but is actually written in HTML format, which camouflage the link and lead to a forged FDIC website.
Further, the link is coded to a hoax URL, which takes advantage of the vulnerability of the genuine site address of FDIC. The site, instead of being located at http://www.fdic.gov, is actually at http://18.104.22.168.
According to Michael Benardo, manager of FDIC's financial crimes division, identity thieves are too good to pretend to be legitimate business or government officials, so they try to influence consumers to share their private monetary information.
Individual online users are advised to deal with only secure websites while handling money transactions. A secured site can be identified by the padlock symbol in the bottom right corner of the web browser. Clicking on the padlock gives security details. Financial organizations and consumers are advised not to click on the link provided in the e-mail and they should not provide any personal information via this media.
The FDIC is making efforts to identify the source of the e-mails and location of the website to break the transmission. Until then, consumers may report about such e-mails at 'firstname.lastname@example.org'.
Related article: Spam Scam Bags a Scottish Connection
» SPAMfighter News - 04-10-2006