Slashdot Mirror


Scam Combines Patriot Act FUD With IE Bug

LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"

20 of 447 comments

  1. Patriot Act by MORTAR_COMBAT! · · Score: 4, Insightful

    Any law which is so powerful and ambiguous as to put fear into people by its mere mention must be a bad law. A reasonable person, if accused of violating the Patriot Act, might actually doubt his own innocence because of the sheer labyrinthian might of the Act.

    --
    MORTAR COMBAT!
    1. Re:Patriot Act by GoofyBoy · · Score: 1, Insightful


      >Any law which is so powerful and ambiguous as to put fear into people by its mere mention must be a bad law.

      By your logic, any law with large penalties is a bad law.

      And if you aren't scared if accused of violating that type of law, you probably are more ignorant than anything else.

      --
      The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
    2. Re:Patriot Act by PPGMD · · Score: 1, Insightful
      *Probably going to get modded down for this, but what the heck*

      If you actually read the law, or at least a good honest description of the law it's not at all ambiguous, it's because of the FUD that is thrown around about it that most people don't know what it really says.

      Yes it's a powerful law, but that doesn't necessarily mean that it has to be ambiguous, in some states drunken driving laws (and related penalties) are very powerful (and can basically ruin your life if caught), but no one complains, at least not nearly as much as the Patriot Act.

  2. Patch? by Guppy06 · · Score: 4, Insightful

    "The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"

    Right here.

  3. 3-m@1L $c@mmz0r$ by mac+os+ken · · Score: 5, Insightful
    I will probably never understand fully why anyone would fall for an e-mail scam that is clearly not legitimate. When I get a spam telling me:

    "W3 n33d jO0r b@nk @cc0un7 # bc@u$3 FDIC $@ys $0."

    I hit delete. Unfortunately some people fall for this. Does anyone have any numbers on just how successful these e-mails are? Is the American public that ignorant?

    --
    .deviatefromtheabsolute.
    1. Re:3-m@1L $c@mmz0r$ by hchaos · · Score: 5, Insightful
      >Unfortunately some people fall for this. Does anyone have any numbers on just how successful these e-mails are? Is the American public that ignorant?
      No, the American public is not that ignorant. Very few scams are clever enough to hook the American public. Fortunately for the scammers, the American public isn't the target. Just like the Nigerian scam, it only takes about 0.001% of the population to fall for it in order to make a lot of cash.
  4. FDIC issues scam alert press release by LostCluster · · Score: 5, Insightful

    The real www.fdic.gov is running a rather standard press release to warn that it's a scam.

    Consumers never have any reason at all to send information to the FDIC. They already can get all they need to know out of banks.

  5. Email is no longer usable as a legitimate means... by Teddy+Beartuzzi · · Score: 4, Insightful
    ...of contacting your customers. Every day I get so many fake emails trying to get my paypal, ebay, banking info etc, that I no longer even look at it. All correspondence that appears to be from them simply gets binned. Even the legitimate ones, because they're indistinguishable from the fakes.

    Until we all start signing our emails with PGP.

  6. Definition of Critical by Gyorg_Lavode · · Score: 4, Insightful

    Remember, it's only defined as critical if it's exploited in the wild.

    --
    I do security
  7. Re:Stupidity! by BrookHarty · · Score: 4, Insightful

    People that actually fall for this bullshit don't deserve to have a bank account in the first place. Do you honestly think the feds are gonna contact you via email to tell you that you're violating the patriot act? Go get an education.

    Lots of elderly women who outlive their husbands, have to deal with the finances for the first time. These people make great targets, they are computer illiterate. They were given a computer to communicate with their family, and don't know about all the email scams. And with the new homeland security daily threat levels, it confuses them.

    Do a little research before you blame the victim.

  8. Re:Solution by zcat_NZ · · Score: 2, Insightful



    I suggest using the official Microsoft patch?

    (OK, not really the official MSFT patch since there isn't one yet; my link demonstrates the bug by providing a Mozilla download on a msft-parody download page, complete with microsoft.com url..)

    (Yeah, I know.. I'm an attention-whore..)

    --
    455fe10422ca29c4933f95052b792ab2
  9. Re:I am a victim. by petabyte · · Score: 4, Insightful

    Do you plan on, at some point in the future, being old and collecting welfare through Medicare/Social Security? No? Oh.

    I have no illusions that Social Security will be there by the time I'm ready to retire (July 2047). I'm planning on being old but I'm certainly not naive enough to believe that there will be a dime left in Social Security at that point.

  10. Re:Oh NO Mr Bill! by TheOldFart · · Score: 2, Insightful

    There may be a point in there. Not that I would exonerate Mr. Bill, heck just the thought of it gives goose bumps... but... if you actually believe in such a bullshit email, wouldn't you be the type that couldn't tell the difference between the URL displayed and the rear end of an African sparrow? If you are the type that would check the URL, you are also the type that would take this email to be what it is and not eat it just like that.

  11. Re:Wow... by Fermier+de+Pomme+de · · Score: 1, Insightful
    Who modded this funny?

    Somebody with a sense of humor?

  12. Re:The actual text from the mail by mr_infiniti · · Score: 2, Insightful

    The wording and grammar are very good; very authoritative looking - almost too good for originating in Pakistan. This makes me wonder if this is an actual government form letter that perhaps was received by someone targeted by the Patriot Act, that has now been manipulated to serve their own needs. Does the FDIC actually do this to people? Is suspending account insurance part of an existing govn't process?

    I'm not centering-out Pakistan for any discrimination here, but isn't this where Osama is thought to be holed up? It would seem terribly ironic if a process meant to disable terrorists' finances is being exploited for financial gain by the same terrorists.

  13. We? by Anonymous Coward · · Score: 1, Insightful

    "Where's an MS patch when we really need one?"

    Who "We?"
    Not me.

  14. Re:Solution by NanoGator · · Score: 3, Insightful

    "Last time I checked you had to pay for it or it would use a large chunk of precious pixel estate for blinky banners."

    So, in other words, yes you don't have to pay a dime for it. There's a banner that sits up there. The thing is, if you pay for it, that space isn't reclaimed for anything particularly useful. I suppose you could add a bunch more buttons up at the top, but you'd be hard pressed to fill it.

    I paid for Opera, and had the banner removed, and went back to using it with ads because there wasn't any other real use for it. Now Opera uses 'Google Text ads', and once in a while something interesting comes along. It's not the most frequent thing in the world, but I did find out about a couple of Lightwave books that I never knew existed.

    Ads != evil.

    --
    "Derp de derp."
  15. Re:"Where's an MS patch when we really need one?" by fermion · · Score: 2, Insightful
    I understand that these things take time. You have to fix the bug, go through developer testing, regression testing, and then build some full product for beta testing. The patch then has to be built for distribution. Except for the fix and the beta test, all of this should be automated.

    But the question can be asked, why is this such an issue? Why is the %01 (SOH) character so special? Is there any reason why they can't just go into the code that filters the URL input and strip out all control codes? Being excellent coders, there should be a single routine that does this, and stripping out control codes (%01-%1F) should not be a problem. These appear to be control codes in Unicode as well.

    Unless they did something really stupid and are using these control codes for some nonstandard internal purpose. Which means that they have to slash and hack the code until the bug is fixed.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
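
The single filtering routine fermion's comment asks for, sketched as an added example (not code from the thread, Microsoft, or any browser). It rejects rather than strips, and it goes beyond the comment in two labelled ways: it also treats %00 and %7F as control codes, and it decodes repeatedly so a nested escape such as %2501 is caught. The function names, the pass limit and the example.com inputs are assumptions.

```javascript
// Added example: reject URLs carrying control codes, raw or percent-encoded.
// Range 0x00-0x1F plus 0x7F is an assumption (the comment names %01-%1F).
const MAX_DECODE_PASSES = 5; // hypothetical limit for nested encodings

function isControl(code) {
  return code <= 0x1f || code === 0x7f;
}

// Decode %XX escapes once, leaving malformed escapes untouched.
function decodeOnce(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Returns { safe, pass, codes }: pass is the decode depth at which a
// control code first appeared (0 = raw, 1 = %01, 2 = %2501, ...).
function checkUrl(url) {
  let current = url;
  for (let pass = 0; pass <= MAX_DECODE_PASSES; pass++) {
    const codes = [];
    for (const ch of current) {
      const c = ch.codePointAt(0);
      if (isControl(c)) codes.push(c);
    }
    if (codes.length > 0) return { safe: false, pass, codes };
    const next = decodeOnce(current);
    if (next === current) return { safe: true, pass, codes: [] };
    current = next;
  }
  // Still changing after the limit: treat as hostile rather than guess.
  return { safe: false, pass: MAX_DECODE_PASSES, codes: [] };
}

// Constructed sample inputs (example.com is a placeholder host).
const samples = [
  "http://www.example.com/index.html",
  "http://www.example.com%01/login",
  "http://www.example.com%2501/login",
  "http://www.example.com/a%20b",
];
for (const u of samples) console.log(u, JSON.stringify(checkUrl(u)));
```

Running the check before the URL is parsed or displayed matters: a filter that decodes only once passes the %2501 form through to whatever decodes it a second time.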
  16. Re:Your picture is in the dictionary next to gulla by Lenolium · · Score: 2, Insightful

    You're right, just check right here

  17. That cuts it! Let's hand over control of the Web by Fantastic+Lad · · Score: 2, Insightful
    to the government!

    (I'm joking, of course.)

    False-Flag actions are easy to perform, they are incredibly effective, and the people in power are usually morally bankrupt (or outright psychotic) enough to feel no guilt in performing them.

    "But they wouldn't DO that! Nobody would attack their own people! They just wouldn't DO that!"

    No? They'd very deliberately lie to get us embroiled in an incredibly destructive and expensive war which is designed primarily to suck billions of dollars out of the public purse and feed it directly into the hands of a very few greedy men. The fact that our youth are being savaged both in body and mind means nothing to such people.

    Oh, I assure you, they would do that. It's not a new idea by any stretch, and why would it be? Easy, effective, and nobody believes it could ever happen. Heck, it's what I'd do in their place. Easy. Effective. --And common! Every time somebody rips off an insurance company through arson or what-not, it's the same thing. It happens. People do it. If you think that people in government do not do it, you are a fool. Period.

    Go and do some research. Look at all the 2003 'terrorist' bombings which took place around the world, notice when each of them happened. You'll notice that at each event, a significant step toward reason was undone. A bomb goes off, and a diplomat attending a key peace talk has a reason to storm out of the room. --Or some variation of that almost every single time. Also notice how the countries attacked were nearly always ones which happen to be sympathetic towards the so-called 'terrorist' nations opposed to US aggression. In other words, ridiculous targets which do not benefit the 'terrorists', but DO benefit the US and Israel.

    My point?

    The web is just another battle ground, folks.

    A significant percentage of this web-damaging activity isn't perpetrated by private hackers or quick-money spammers. It's the covert arm of somebody's government and the aim is to increase the level of fear and uncertainty, to make people more willing to give up freedom. To make the public ready to accept a wave of lunatic arrests of so-called, 'hackers'.

    It'll happen unless people are helped to understand the true nature of these kinds of events. If people don't get angry at the wrong parties, then we might just avoid the culling of the intellectuals which always happens during a fascist take-over.

    Knowledge Protects.


    -FL