Slashdot Mirror
Scam Combines Patriot Act FUD With IE Bug
LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"
I hope this isn't what Bill was talking about with The Secure Computing Initiative
...now we're outsourcing scams to India too.
Where's an MS patch when we really need one?
Being prevented by the DMCA?
Where's an MS patch when we really need one?
:-)
These solutions will solve your problem.
Visit Jonesblog and say hello.
Ha! Can't get my money - don't have any.
Paul
Wherever you go, there you are.
Any law which is so powerful and ambiguous as to put fear into people by its mere mention must be a bad law. A reasonable person, if accused of violating the Patriot Act, might actually doubt his own innocence because of the sheer labyrinthian might of the Act.
MORTAR COMBAT!
This is a combination of using simple X- header lines for the top error part, as well as the "'begin'-then-two-spaces" bug, which lets you create a bogus MIME section that only MS mail readers fall for -- useful for suppressing the message part. The begin-with-two-spaces trigger makes an excellent quoted text header. :)
"The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"
Right here.
"W3 n33d jO0r b@nk @cc0un7 # bc@u$3 FDIC $@ys $0."
I hit delete. Unfortunately some people fall for this. Does anyone have any numbers on just how succesful these e-mails are? Is the American public that ignorant?
.deviatefromtheabsolute.
Here is a repost of the email on news.admin.net-abuse.sightings.
" >http://www.fdic.gov/idverify/cgi-bin/index.htm</a >
The link text:
<a href="http://www.fdic.gov@202.63.206.88/index.htm
There's no point in a slashdotting/DDoS since the U.S. connectivity provider has already choked off the flow of packets to this server in Pakistan. Pinging 202.63.206.88 times out.
Apparently they are "still working on it", just like they have been for the last two scheduled patch releases they've had. Unfortunately, the scammers and phishers are "still working on it" as well. And yet despite this, Microsoft still spouts such choice quotes about its software security as "The tool had to to be tested before we could put it on Windows Update... it would be unfair to accuse Microsoft of tardiness." (about a five month wait for an official Blaster clean-up tool) and "Windows is far more commonly afflicted with worm infections than Linux... but Microsoft offers greater accountability and support than open source alternatives".
Well, I'll agreee with one of those points. Can you guess which? ;)
UNIX? They're not even circumcised! Savages!
The real www.fdic.gov is running a rather standard press release to warn that it's a scam.
Consumers never have any reason at all to send information to the FDIC. They already can get all they need to know out of banks.
It's in the same place they put their concern for their end-users. Once you find that, let the rest of us know.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
We are with the government. You are violating the patriot act gullableguy@aol.stupiduser.com. We just want you to go to this site and give us all your compromising information because you are violating the patriot act under provision 1234. Please go to this site otherwise you will lose your FDIC insurance coverage. Please disregard the fact that if you really were suspected, the US government wouldn't actually contact you by email, and that the patriot act doesn't have anything to do with the FDIC. Oh and we would have addressed you by name instead of your email account. Oh, and other obivious and logical stuff too.
Best regards,
A guy who isn't pakistani
many roads lead to a safer internet expirience. mozilla, firewalls, scriptblockers.. however, the method i've found most effective is what i call "security through some old piece of crap". my mIRC client says "copyright 1995-1998", and when I asked 50+ nerds on a channel to try and DoS me, nobody could find a crack old enough! so the lesson is: don't wait for the new patch. revert to a version before the bug was even introduced.
Now that I'm unemployed, I feel more secure knowing that I have no money which can be scammed from me because of a "Patriot" Act. Thank God for the state of our Bushist economy!
The Welkin: Online Music Reviews
(puts on asbestos underwear)
The Patriot act invades the privacy and tramples the civil rights of America's citizenry by allowing the DOJ and the CIA to bypass the Bill of Rights whenever they feel like it by declaring someone a suspected terrorist, or, even better, and enemy combatant. The only thing preventing the Executive branch from using this to silence political dissidents is the enormous political fallout should they attempt it. It is, in addition, transparently racist in its implementation because it is being used to focus the eyes of law enforcement on dark-skinned foreigners, while largely ignoring homegrown terrorist groups such as the Ku Klux klan, National Alliance, Posse Comitatus, and the World Church of the Creator.
But, if none of these issues bother you, ignore me. You probably will anyway.
You are not the customer.
I lost money to a similar scam, except in my case the mail came in the form of a white envelope from the "Department of the Treasury, Internal Revenue Service." Short verison, there were papers in there wanting to know my social security number, how much I made, what I spent it on, all of the same information from my wife...and then it ordered me to give a percentage of my income to them or else they would come and put me in jail!
I did a bit of research and found that this money had been taken from me from some group of thugs called the Congress of the United States. Apparently, they took my money and I'm told there's very little chance of getting it back.
They've even got my employer in on the scam - now they are paying some of my paycheck directly to them.
Where's an MS patch when we really need one?
Honestly, the Patriot Act is so fucked up I doubt a simple patch will fix the problem. We'd have to throw the entire thing away and start from scratch. It's not worth salvaging.
And further more... What? Oh. You meant a patch for IE. Okay, I got it. My bad.
GMD
watch this
You are not the customer.
Man, I thought I was going to see some nasty Goatse-thing but then ... horror of horrors!! GEORGE BUSH!! AHHHHHHHHHHH!!!!!!!!!!!
That was rude, man...
I don't know about the rest of you, but I clicked on a funny link from a prior Slashdot thread that had an intentionally altered URL. The big shocker was, IE parsed it like it was no big deal, but my virus scanner picked up the malicious code. It warned me that the URL was modified by a bug in Internet Explorer, and allowed me to continue or back out.
I always swore by Norton, but from the things I've seen as of late, I think I'm sticking with Network Associates.
Until we all start signing our emails with PGP.
Remember, it's only defined as critical if it's exploited in the wild.
I do security
People that actually fall for this bullshit don't deserve to have a bank account in the first place. Do you honestly think the feds are gonna contact you via email to tell you that you're violating the patriot act? Go get an education.
Lots of elderly women who outlive thiner husbands, have to deal with the finances for the first time. These people make a great targets, they are computer illiterate. They where given a computer to communicate with their family, and dont know about all the email scams. And with the new homeland security daily threat levels, it confuses them.
Do a little research before you blame the victim.
Here's the text that prompted me into give away my personal info :)
Important News About Your Bank Account
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.
As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.
Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.
http://www.fdic.gov/idverify/cgi-bin/index.htm
Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.
Thank you for your time and consideration in this matter.
Donald E. Powell
Chairman Emeritus FDIC
John D. Hawke, Jr.
Comptroller of the Currency
Michael E. Bartell
Chief Information Officer
Yesterday I received a message that appeared similar in nature to that described by the article. After many phone calls I managed to speak to the fraud section at the Commonwealth Bank (biggest bank in Oz), where the message appeared to come from.
Their solution (after getting some of the bank staff to pull their head from the sand) was to redirect all requests to a specific URL to the Bank's home-page.
Now I for one, think that the only way that they could do that, was with cooperation from ALL ISP's in this country.
The scam and the banks initial response pissed me off, but the redirect scares the *shit* out of me.
Anyone else share my concerns, or should I just crawl back into my box and live with the idea that the Internet has just died...
|>>?
Banks get notified of tons of things like this every day (I work in one), and all the tellers should know of the scams. Before you do anything involving your bank account, call your bank!
We also get memos telling us NOT to let Bin Laden or Saddam open accounts... allong with a list of the US Government's top 100 most wanted. I'm still not quite sure how we're suppossed to memorize all those names...
A lot of people here have suggested Mozilla as a solution. That is a partial answer. But a proper solution has not been implemented yet in Mozilla. See Bugzilla bug 122445, "Spoof prevention: Warn if username/password in link (url) looks like a hostname". The bug has been outstanding for two years now and it's still not been fixed in Mozilla. There is a proposed patch planned to go into 1.7a.
5
For the full discussion see: http://bugzilla.mozilla.org/show_bug.cgi?id=12244