The Federal Deposit Insurance Corporation (FDIC) and the FBI are investigating the source of fraudulent e-mails that claim bank deposit insurance will be suspended in the name of national security.
The e-mail tells recipients that Department of Homeland Security Director Tom Ridge has advised the FDIC to suspend all deposit insurance on the recipient’s bank account because of suspected violations of the USA PATRIOT Act, which gives law enforcement wide-ranging powers to combat terrorism. The e-mail goes on to say that the deposit insurance will remain suspended until bank account information can be verified, Reuters reported.
The FDIC, which was flooded with complaints on Friday, said in a statement that the e-mail is convincing, but a fake. The national insurer of U.S. bank accounts is warning consumers not to click on the link in the e-mail or provide any personal information.
The link in the body of the e-mail leads to a server in Karachi, Pakistan, CNET News reported. The attacker was able to hide the true destination of the link by taking advantage of a flaw in Microsoft’s Internet Explorer. The address bar displays www.fdic.gov, but does not lead there.
FDIC spokesman David Barr said, "Someone really did their homework," adding that the e-mail does not contain telltale spelling and grammatical errors that usually serve as clues that the e-mail is a fraud. Moreover, he said, citing the USA PATRIOT Act gives the message a serious tone and makes it sound plausible.
This kind of scheme to get attempt to personal and financial information is known as "phishing," and similar messages have targeted customers of Citibank, Wells Fargo, PayPal and most recently, U.S. Bank.
The FDIC and the FBI are attempting to disrupt transmission of the e-mail, but until then, consumers are asked to report any similar attempts to obtain this information to firstname.lastname@example.org.