Important News About Your Bank Account - Email Scam
26th January 2004

Scammers assume the identity of the Federal Deposit Insurance Corporation causing angst in the FDIC and FBI ...

This email scam appears to take the form of a text email with a link (see image below), but it is written in HTML format which disguises the link that points to a forged Federal Deposit Insurance Corporation web site.

The link is further coded to spoof the URL (web address in your browser address bar) which causes the genuine site address to be shown in browsers which suffer this vulnerability. The site is not located at http://www.fdic.gov at all, but is actually http://211.191.98.216. At present Internet Explorer and Mozilla browsers are affected by this URL spoofing vulnerability.

This bug has been increasingly exploited by email scammers of late, and we eagerly await a patch from Microsoft. The vulnerability can also allow a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker (which will also reveal the true origin of the web page that you are viewing).

We have had several reports of this spoofed email, and it appears that the email is being sent from a number of different email accounts including Netscape, Earthlink and 1-base.com - there has been no forged return addresses, although the sender is shown as FDIC.

The forged pages use a PHP script to process any data provided. We have found that this script, together with the forged web pages, has been located at two different IP addresses - 211.191.98.216 (which resolves to Korean ISP), 202.63.206.88 (which resolves to a Pakistani ISP) and 211.75.215.137 (which resolves to a Taiwanese ISP).

One of our major concerns regarding this hoax, is the under reporting by the FDIC, which has posted a notice concerning the spoof email on their site, but which fails to mention the URL spoofing. Our other concern is the fast movement of the forged FDIC sites to new locations as each one is shut down. We expect to see many further reports of this scam with the site moving seemlessly around the internet.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

Take a good look at the following images, because this email scam may be coming to an inbox near you!

The fake FDIC Email ...

The first forged FDIC web page...

The second forged FDIC web page...

And the third and final forged FDIC web page...