/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsJonathan Stempel
NEW YORK: The FDIC issued an alert about an increasingly common e-mail scam designed to steal personal information and money from millions of unwary consumers.
The Federal Deposit Insurance Corp. (FDIC), perhaps best known as an insurer of bank deposits, issued its warning about so-called "phishing" eight months after criminals began misappropriating its name and reputation to perpetrate e-mail fraud.
Phishing lures innocent people to bogus Web sites that look like those of well-known or reputable government agencies, banks, credit card companies and retailers, and deceives them into divulging personal data.
The term is derived from the act of computer thieves who "fish" for private data.
The Anti-Phishing Working Group, which monitors Internet scams, said up to 5 percent of recipients of the scam e-mails respond, often suffering identity theft or financial loss.
The group identified 1,974 distinct phishing attacks in July, up about 1,700 percent from 116 in December.
Institutions that scammers target include Citibank, U.S. Bank, eBay and PayPal, Capital One, SunTrust and Wells Fargo. Two-thirds of July's attacks targeted Citibank and U.S. Bank, the anti-phishing group said.
In a typical scam, the fake e-mail gives you a reason to verify or re-submit personal or confidential information, such as to confirm a recent transaction, or to help safeguard your account from fraud.
The message then provides a link to what appears to be a real Web site of the issuing entity, but which in fact, is operated by the scammer.
You might then be asked to provide Social Security or account numbers, passwords, or information commonly needed to access accounts, such as your mother's maiden name. Armed with this information, scammers can rip you off.
Many fake e-mails carry return addresses at sites such as Yahoo.com, or contain typographical or grammatical errors -- two-thirds of scammers come from such countries as South Korea, China and Russia, the anti-phishing group said. E-mails might even appear to come from entities you don't do business with.
One recent fake e-mail seeming to come from Citibank urges you to restore full access to your accounts following a tampering by an "unauthorized third party." Another urges you to provide up-to-date information because your "Account Has been frozen!" (The "h" in "Has" is capitalized.)
The FDIC said if anyone suspects an e-mail or Web site is fake, they should tell the real entity, using contact information you know is reliable. It said people may also contact the Internet Crime Complaint Center, a partnership between the FBI and National White Collar Crime Center, at http://www.ifccfbi.gov.
If anyone believes they are a victim of identity theft or see unauthorized account or credit card activity, the FDIC said, they should contact their financial institution and, if necessary, close existing accounts and open new ones. People may also call the three major credit bureaus -- Equifax at 1-800-525-6285, Experian at 1-888-397-3742, and TransUnion at 1-800-680-7289 -- to request a fraud alert be placed on their credit report.
The FDIC alert appears at http://www.fdic.gov/consumers/consumer/alerts/index.html. The U.S. Federal Trade Commission also maintains a Web site on identity theft at http://www.consumer.gov/idtheft.