October 2, 2003
Fake FBI site tries to lure victims
By Bob Sullivan, MSNBC

A suspicious e-mail and Web site masquerading as a communication from the Federal Bureau of Investigation made their way around the Internet Tuesday, attempting to lure Net users into divulging their bank account information. Both the site and the e-mail sported realistic-looking FBI logos. The Web site claimed that there had been a massive theft of debit cards, and urged consumers to enter their account information so the agency could check to see if it had been compromised. The FBI (the real one) said it was investigating.

"We're taking it very seriously," said FBI spokesman Paul Bresson. "I've pulled it up on my computer and it certainly looks authentic enough to cause some concern. It's obviously something we would never endorse, and we would never ask for from the public."

The Web site has several tell-tale grammatical errors which should tip off most Internet users that it's an attempt at fraud. But it appears realistic enough, including the same design, navigation buttons and links that are on the FBI's real home page.

"Today at 3 p.m. the ministry of protection of the confidential information has found out attempt on central servers of the country, swindlers were interested in debit cards of inhabitants of our country," the site reads, in awkward English. "Many banks were exposed to mass attacks therefore swindlers have taken hold of the confidential information."

Users are directed towards the Web site by a "phisher" e-mail: an electronic message which appears to be from the FBI that pushes recipients to visit the fake FBI Web site. The e-mail arrives with the subject line "Debitt card fraud alert." It includes a text link that appears to send recipients to a legitimate FBI Web site at https://www.fbi.gov/debit_theft.html. But a programming trick actually sends Net users to a Web site hosted at fbi.x-web-x.com.
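The article does not say which trick the e-mail used. As an added example (not part of the original article), this Python check shows how a mail filter could flag one common form of it, assuming an HTML link whose visible text names one host while its `href` points to another; the function names and the sample message body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Return the lowercased hostname if text looks like a URL, else None."""
    text = text.strip()
    if text.lower().startswith("www."):
        text = "http://" + text
    try:
        return urlsplit(text).hostname if "://" in text else None
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return None

class LinkAuditor(HTMLParser):
    """Collect (displayed_host, real_host) for anchors whose text names another host."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # visible text collected inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = host_of("".join(self._text))
            real = host_of(self._href)
            # Flag only when the visible text is itself a URL for a different host.
            if shown and real and shown != real:
                self.findings.append((shown, real))
            self._href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample body; the two hostnames are the ones named in the article.
SAMPLE = ('<p>Details: <a href="http://fbi.x-web-x.com/">'
          'https://www.fbi.gov/debit_theft.html</a></p>'
          '<p><a href="https://www.fbi.gov/">https://www.fbi.gov/</a></p>')
```

Links whose visible text is ordinary wording rather than a URL are not flagged, so this check complements, rather than replaces, reputation checks on the destination host.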

"In order to prevent fraud of money means from your account, the earnest entreaty to grant us the information on your card and on communication with you (credit card number, expiration date, pin, approximate balance of your card, your phone for communication with you)," the site says, followed by blank forms where visitors are urged to fill in their account number and PIN code.

Bresson said the FBI became aware of the Web site late Tuesday morning. As of 4:30 p.m. ET, the site was still operating.

Domain information for the Web site indicated it was registered to an operator in Switzerland. But Internet security researcher Richard Smith, who operates ComputerBytesMan.com, said the site actually appeared to be hosted by an Internet service provider in Florida.

A support technician who answered the phone at the ISP confirmed the site appeared to be on its network and said he would work to have it turned off as quickly as possible.

Data entered into the forms on the Web page is eventually transmitted to a Russian-based e-mail address.

Such phishing e-mails have become so popular among criminals -- and so common for Internet scam victims -- that the Federal Trade Commission and the FBI hosted a press conference earlier in July warning consumers about them.

"This is the hot new fad amongst online con artists trying to pry money out of people's wallets," FBI spokesman Bill Murray said in July. "The first line of defense is with the consumer. The consumer has to be savvy."