October 2, 2003
Fake FBI site tries to lure victims
By Bob Sullivan, MSNBC
A suspicious e-mail and Web site masquerading as a communication from the Federal Bureau of Investigation made their way around the Internet Tuesday, attempting to lure Net users into divulging their bank account information. Both the site and the e-mail sported realistic-looking FBI logos. The Web site claimed that there had been a massive theft of debit cards, and urged consumers to enter their account information so the agency could check to see if it had been compromised. The FBI (the real one) said it was investigating.
"WE'RE TAKING IT very seriously," said FBI spokesman Paul Bresson. "I've pulled it up on my computer and it certainly looks authentic enough to cause some concern. It's obviously something we would never endorse, and we would never ask for from the public."
The Web site has several tell-tale grammatical errors which should tip off most Internet users that it's an attempt at fraud. But it appears realistic enough, including the same design, navigation buttons and links that are on the FBI's real home page.
"Today at 3 p.m. the ministry of protection of the confidential information has found out attempt on central servers of the country, swindlers were interested in debit cards of inhabitants of our country," the site reads, in awkward English. "Many banks were exposed to mass attacks therefore swindlers have taken hold of the confidential information."
Users are directed towards the Web site by a "phisher" e-mail; an electronic message which appears to be from the FBI that pushes recipients to visit the fake FBI Web site. The e-mail arrives with the subject line "Debitt card fraud alert." It includes a text link that appears to send recipients to a legitimate FBI Web site at https://www.fbi.gov/debit_theft.html. But a programming trick actually sends Net users to a Web site hosted at fbi.x-web-x.com.
"In order to prevent fraud of money means from your account, the earnest entreaty to grant us the information on your card and on communication with you (credit card number, expiration date, pin, approximate balance of your card, your phone for communication with you)," the site says, followed by blank forms where visitors are urged to fill in their account number and PIN code.
Bresson said the FBI became aware of the Web site late Tuesday morning. As of 4:30 p.m. ET, the site was still operating.
Domain information for the Web site indicated it was registered to an operator in Switzerland. But Internet security research Richard Smith, who operates ComputerBytesMan.com, said the site actually appeared to be hosted by an Internet service provider in Florida.
A support technician who answered the phone at the ISP confirmed the site appeared to be on its network and said he would work to have it turned off as quickly as possible.
Data entered into the forms on the Web page is eventually transmitted to a Russian-based e-mail address.
Such phishing e-mail have become so popular among criminals -- and so common for Internet scam victims -- that the Federal Trade Commission and the FBI hosted a press conference earlier in July warning consumers about them.
"This is the hot new fad amongst online con artists trying to pry money out of people's wallets," said FBI spokesman Bill Murray said in July. "The first line of defense is with the consumer. The consumer has to be savvy."
Alum Metal Fab
Custom Marine Sales
Dave's Custom Boats
Diamond Performance Parts
Double R Performance
Elton Porter Insurance
Fastboats Marine Group
GGB Exhaust Technologies
Grand Sports Center
Ilmor High Performance Marine
Lake Cumberland Marine
Lake Havasu Boat Show
Marine Technology Inc
McLeod Design Group
Performance Boat Center
Performance Marine Trading
Potter Performance Engines
Ron Sporl Performance
Speed and Custom Marine
Total Dollar Insurance
Teague Custom Marine
Wake Zone Marine Insurance
Young Performance Marine