Scam Combines Patriot Act FUD With IE Bug

LostCluster writes "CNET, Reuters, and the AP are all reporting this morning about a circulating e-mail scam that claims that people will lose their FDIC bank account insurance because they are suspected of violating the Patriot Act unless they confirm their bank account information with a website. The scammers then use the already documented bug in IE that allows a site in Pakistan to get 'www.fdic.gov' to appear in the URL bar. Where's an MS patch when we really need one?"

Oh NO Mr Bill!

[Dutchmaan]

I hope this isn't what Bill was talking about with The Secure Computing Initiative

I Know Where

Where's an MS patch when we really need one?

Being prevented by the DMCA?

Still more fun with the PATRIOT act and MS bugs

[Mr.+Darl+McBride]

You can make your messages look like this to MS users: (PNG picture) and elicit fun responses like this, while your messages look normal to non-MS users.

This is a combination of using simple X- header lines for the top error part, as well as the "'begin'-then-two-spaces" bug, which lets you create a bogus MIME section that only MS mail readers fall for -- useful for suppressing the message part. The begin-with-two-spaces trigger makes an excellent quoted text header. :)

Re:Still more fun with the PATRIOT act and MS bugs

[1010011010]

Hysterical. from the MS KnowledgeBase article:

To workaround this problem:

• Do not start messages with the word "begin" followed by two spaces.
• Use only one space between the word "begin" and the following data.
• Capitalize the word "begin" so that it is reads "Begin."
  and my favorite...
• Use a different word such as "start" or "commence."

Remember that, kids! Use "start" or "commence!"

3-m@1L $c@mmz0r$

[mac+os+ken]

I will probably never understand fully why anyone would fall for an e-mail scam that is clearly not legitimate. When I get a spam telling me:

"W3 n33d jO0r b@nk @cc0un7 # bc@u$3 FDIC $@ys $0."

I hit delete. Unfortunately some people fall for this. Does anyone have any numbers on just how succesful these e-mails are? Is the American public that ignorant?

Re:3-m@1L $c@mmz0r$

[hchaos]

Unfortunately some people fall for this. Does anyone have any numbers on just how succesful these e-mails are? Is the American public that ignorant?

No, the American public is not that ignorant. Very few scams are clever enough to hook the American public. Fortunately for the scammers, the American public isn't the target. Just like the Nigerian scam, it only takes about 0.001% of the population to fall for it in order to make a lot of cash.

Re:Solution

[UnassumingLocalGuy]

And for those of us too cheap to buy a new browser, Mozilla or Firebird will have to do.

FDIC issues scam alert press release

[LostCluster]

The real www.fdic.gov is running a rather standard press release to warn that it's a scam.

Consumers never have any reason at all to send information to the FDIC. They already can get all they need to know out of banks.

Re:Solution

[LousyPhreak]

But the problem is your solutions also requires one of these upgrades.

I would rather recomend this upgrade.

Or if you have a dislike for linux even just this upgrade helps much.

;)

Your picture is in the dictionary next to gullable

[DrDoombender]

Dear gullableguy@aol.com,

We are with the government. You are violating the patriot act gullableguy@aol.stupiduser.com. We just want you to go to this site and give us all your compromising information because you are violating the patriot act under provision 1234. Please go to this site otherwise you will lose your FDIC insurance coverage. Please disregard the fact that if you really were suspected, the US government wouldn't actually contact you by email, and that the patriot act doesn't have anything to do with the FDIC. Oh and we would have addressed you by name instead of your email account. Oh, and other obivious and logical stuff too.

Best regards,

A guy who isn't pakistani

Re:Solution

[Liselle]

I hate to plug Opera twice in the same thread, heh. But if I click on a link like one you mentioned, Opera will throw up a dialog box that says this:

Security warning:

You are about to go to an address containing a username.

Username: www.slashdot.org
Server: www.whitehouse.gov

Are you sure you want to go to this address?

Piece of cake.

A patch is gonna fix THIS?!?

[GuyMannDude]

Where's an MS patch when we really need one?

Honestly, the Patriot Act is so fucked up I doubt a simple patch will fix the problem. We'd have to throw the entire thing away and start from scratch. It's not worth salvaging.

And further more... What? Oh. You meant a patch for IE. Okay, I got it. My bad.

GMD

Nasty sight

[finelinebob]

So if you type http://www.slashdot.org:foo@www.whitehouse.gov/ you get directed to a nasty site, even though the URL appears to say www.slashdot.org.

Man, I thought I was going to see some nasty Goatse-thing but then ... horror of horrors!! GEORGE BUSH!! AHHHHHHHHHHH!!!!!!!!!!!

That was rude, man...

The actual text from the mail

[Minus+Five]

Here's the text that prompted me into give away my personal info :)

Important News About Your Bank Account

To whom it may concern;

In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.

As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.

Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.

http://www.fdic.gov/idverify/cgi-bin/index.htm

Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.

Donald E. Powell
Chairman Emeritus FDIC

John D. Hawke, Jr.
Comptroller of the Currency

Michael E. Bartell
Chief Information Officer

Mozilla

[paj1234]

A lot of people here have suggested Mozilla as a solution. That is a partial answer. But a proper solution has not been implemented yet in Mozilla. See Bugzilla bug 122445, "Spoof prevention: Warn if username/password in link (url) looks like a hostname". The bug has been outstanding for two years now and it's still not been fixed in Mozilla. There is a proposed patch planned to go into 1.7a.

For the full discussion see: http://bugzilla.mozilla.org/show_bug.cgi?id=122445