January 26, 2004

From the desk of Mindles H. Dreck:

Loss of insurance privileges

Many copies of the scam email Steve Antler discusses here were received at my firm. The message is below, but note the location of the form to which it directs you:

To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have withdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.

As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information.

Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of aid verification and all suspensions of insurance on your account will be lifted.

http://www.fdic.gov/idverify/cgi-bin/index.htm [need I say it? don't go here - Ed.]

Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.

Donald E. Powell
Chairman Emeritus FDIC

John D. Hawke, Jr.
Comptroller of the Currency

Michael E. Bartell
Chief Information Officer


Either this is a pre-existing form on the FDIC's website or it directs data elsewhere by HTML POST. In the latter case the FDIC has been hacked [not. see update].

The FDIC's announcement is here and doesn't deal with the URL at all.

I'm sure all the money laundering suspects are trembling at the idea that their $100,000 FDIC coverage might be revoked! Isn't that sort of like saying 'you're a suspected terrorist so we're confiscating your frequent flyer miles'?

UPDATE: D'oh! The text of the hyperlink was the real FDIC site. The underlying link was redirected to http://202.63.206.88/index.htm, and is no longer up.

Posted by Mindles H. Dreck at January 26, 2004 11:15 AM
Comments
Posted by: Bombadil on January 26, 2004 2:32 PM

I looked through Slashdot and didn't see anything that seemed relevant in yesterday's postings - so PTFA.

Posted by: Eric the .5b on January 26, 2004 3:27 PM

There is an IE bug that allows you to put a low-ASCII character in a URL so that when you click on it, the URL displayed in the address bar, status bar, etc. is cut off after that point.

This can be combined with an older trick that put the fake URL as a user account + @ at the beginning of the real URL.

So, by following a link to the URL "http://www.microsoft.comX@www.google.com", where "X" is actually that character, IE will show http://www.microsoft.com in the address bar, but the Google search page in the window. Also, when you hover your mouse over the link, it shows Microsoft. I'll throw an example in my next post.
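As a mail-filter-side check for the two tricks described on this page (the link whose visible text named the real FDIC site while the underlying link pointed elsewhere, from the post's UPDATE, and the account-plus-@ URL with a control character from the comment above), the following is an added example, not code from the post or its commenters. The function names and finding labels are assumptions made for illustration; the sample link is constructed from the two URLs quoted in the post.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: the link from the post's UPDATE (FDIC text, IP target).
SAMPLE = ('<a href="http://202.63.206.88/index.htm">'
          'http://www.fdic.gov/idverify/cgi-bin/index.htm</a>')
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=[/:?#]|$)", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_link(href, text):
    """Return findings for one link; an empty list means nothing flagged."""
    findings = []
    # Test raw and percent-decoded forms; the byte may arrive either way.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in href + unquote(href)):
        findings.append("control-char")
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        findings.append("userinfo")  # "account@" ahead of the real host
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    shown = URLISH.match(text)
    if shown and shown.group(1).lower() != host:
        findings.append("text-host-mismatch")  # displayed URL names another host
    return findings

def audit_html(body):
    collector = LinkCollector()
    collector.feed(body)
    return {href: audit_link(href, text) for href, text in collector.links}
```

A link is judged by its `href` alone for the first three findings, so they fire even when the visible text is a plain label rather than a URL.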

Posted by: Eric the .5b on January 26, 2004 3:29 PM

If this works:

Try This

IE (unless they've released a patch and you've downloaded it) will be fooled.

Opera will not be fooled and will pop up a warning.

Mozilla will not be fooled.

Posted by: BigFire on January 26, 2004 3:39 PM

Re: Eric

Didn't exactly work in IE, but it definitely does not work in my preferred browser, Mozilla Firebird.

Posted by: PJ/Maryland on January 26, 2004 3:49 PM

Nice explanation (and example), Eric. Works surprisingly well in my IE 5.5 (even a Refresh doesn't direct the browser to the displayed page, nor does editing the URL in most cases).

I would point out that, as long as you have the status bar turned on, hovering over the link will display "http://www.microsoft.com @www.google.com"; the special character shows as a space, but the full URL is there.

Posted by: boo on January 26, 2004 4:48 PM

My McAfee virus scan picked it up and warned me.

Posted by: TV on January 27, 2004 10:31 AM

>>I'm sure all the money laundering suspects are trembling at the idea that their $100,000 FDIC coverage might be revoked! Isn't that sort of like saying 'you're a suspected terrorist so we're confiscating your frequent flyer miles'?

This reminds me of taking away student loan access because of drug convictions. Not a related penalty, but plausible that some "bright" young staffer on the hill would come up with it.

Posted by: Cousin Dave on January 27, 2004 5:25 PM

The social content of this is the most interesting thing to me. Notice the specific mention of the DHS and the Patriot Act. I submit that, due to the constant bombardment of media disinformation on the subject, the bulk of the public now regards the Patriot Act as being some kind of constitutional trump card -- the federal agent that holds it is licensed to ill (to mix a few pop-art metaphors), Bill of Rights be damned. Add to it a lot of mumbo-jumbo about the FDIC, which most account holders don't really understand, and you have a bit of social engineering capable of stirring up a lot of fear.

I blame it in part on the sorry state of civics education these days. The Patriot Act does not come close to doing most of the horrible things that everyone seems to assume it does. (OK, there are a few provisions that are over the top, and those need to be fixed. I notice that a federal district court has recently shot down one of the Act's clauses that places very broad restrictions on export of several categories of information.) And there seems to be just a smidgen of grandiose paranoia at work too -- in real life, I seriously doubt that Tom Ridge knows anything about me or gives a darn about my bank account.
