Phishers Fake FDIC Web Site

Phishers spoofed the Federal Deposit Insurance Corporation's (FDIC) Web site again last week, and, using bogus e-mails, tried to entice consumers to sign up for a non-existent service that tracks suspicious activity on credit, debit and bank ATM cards.

Like many other recent phishing scams, this one plays off consumers' knowledge of the danger of identity theft.

"In cooperation with Citibank, Bank of America, Fleet, SunTrust and other major banks, the FDIC has developed an entirely new system to identify and prevent fraudulent ATM, debit and credit card activity," the faux Web site claims. "This is an effort to prevent the recent surge in credit, debit card fraud and identity theft."

Once consumers have been drawn to the site -- a very close copy of the FDIC's actual Web site, the government-backed insurer of bank accounts -- they're encouraged to "register" their cards with the service. "You will be protected from unauthorized use of your card or account information. With FDIC's Zero Liability policy, your liability for unauthorized transactions is $0 -- you pay nothing!" the site read.

Of course, there is no such thing as a "Zero Liability" policy through the FDIC.

This isn't the first time that phishers have used the FDIC as a disguise to trick consumers. Earlier this month, the Anti-Phishing Working Group detected a less sophisticated scam that tried to get users to give up their credit card account numbers, Social Security numbers and PINs.

That e-mail, however, was somewhat easier to sniff out as a scam, since it had numerous misspellings, including a line that read, "... failure to update your records will result in Bank account deletation [sic]."

Article courtesy of TechWeb News, September 24, 2004