American phishing scam uses anti-terrorism hook

The Federal Deposit Insurance Corp (FDIC), the national insurer of US bank accounts, warned Americans on Friday that a convincing email scam is making the rounds.

The fraudulent email claims to be from the FDIC and informs recipients that their bank account has been denied insurance as a result of an investigation by the US Department of Homeland Security into "suspected violations of the Patriot Act". The USA Patriot Act, which was passed after the 11 September attacks, gives broad powers to law enforcement to combat terrorism.

"Someone really did their homework," said David Barr, a spokesman for the FDIC, adding that the letter is mostly free of the grammatical and spelling mistakes that usually act as a sign that the message is not genuine. Moreover, citations of the little-understood anti-terrorism law, whose acronym stands for 'Uniting and Strengthening of America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism', lend the message a dire tone.

"The Patriot Act is an actual act out there. It's gone through Homeland Security and it's used to block the flow of money," making the fraudulent email seem at least plausible, Barr said. The FDIC sent out the advisory after being inundated with complaints from consumers, who were worried that their bank accounts wouldn't have the $100,000 protection historically guaranteed by the FDIC.

The scheme is only the latest attempt to mine personal and financial information through fraud, a criminal activity known as 'phishing'. Similar messages have targeted customers of Barclays, HSBC, Citibank, Wells Fargo, PayPal and other financial companies but haven't cited the USA Patriot Act.

The latest letter states that unless recipients confirm their personal information by going to what looks like an FDIC website, then their account will lose its protection. The link to the website provided in the email message leads to a server in Karachi, Pakistan. Moreover, the link is formatted to take advantage of an Internet Explorer flaw that allows an attacker to hide the true destination of the link; in this case, the address bar in Internet Explorer displays 'www.fdic.gov', while the actual website is at a different address in Pakistan.

The IE issue is more than a month old and has yet to be fixed by Microsoft.

"Microsoft is taking this vulnerability very seriously and is working to develop a patch to fix the problem," a company spokesperson said. "We will release this patch as soon as the development and testing process is complete."

Microsoft is directing users to a Knowledge Base article for more information.

"The FDIC is attempting to identify the source of the emails and disrupt the transmission," the agency's advisory stated. "Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov."

Robert Lemos writes for CNET News.com.