Avoid the bait

Phishing schemes continue to flourish


 robert-holtfreter-80x80.jpg    Taking Back the ID: Identity theft prevention analysis



On July 23, 2012, the U. S. Community Trust Bank reported that fraudsters, posing as representatives of the bank, were sending out "gift-card scam" phishing emails. The scam offered a "free" $1,000 gift card to potential victims. They were instructed to go to a website and provide an address and other personally identifiable information (PII) to claim the gift card. Here's an example of the email used in this "free" gift card scheme: 

Dear Subject name,

On behalf of Community Trust Bank you have been issued a $1,000 
Visa Gift Card free of charge.

Card type: Visa Gift Card
Issued to: Subject Name
Issuing branch: Ruston, Louisiana
Valid until: 08/2015

Please use the following website to claim your card and have it shipped to the address of your choosing:

Go to: 

Note that claims must be made within 48 hours from this email being sent, or the above link will become invalid.

Sincerely, Rachel
Customer Service
Employee Benefits Center, LLC

This phishing scheme is typical of others; fraudsters use them to prompt victims to provide such PII as checking account or credit card numbers, which the fraudsters use to commit fraud. If the recipient also clicks on a provided link, malicious malware will download onto the recipient's computer. When the victim initiates an online banking session the embedded malware will allow the fraudster to transfer money out of the victim's bank account. 

Regardless of the type of phishing scheme, the victim will suffer a loss of resources and become an identity theft victim. Phishing schemes are very common, and new ones continue to emerge and flourish. Some recent ones, including the following six reported by the Federal Deposit Insurance Corporation (FDIC) in 2012, continue to be in circulation. 


On Oct. 3, 2012, the FDIC reported that it had received numerous complaints from individuals of fraudulent email messages claiming to have been sent from the agency. 

The content of the messages was similar; the "Subject" lines were different. Each message read that the recipient's opportunity to conduct a transfer of money via the Automated Clearing House (ACH) process or wire transfer was suspended. The recipient was instructed to click on a link to install a software update which, supposedly, allowed the recipient to restore the ability to create a transfer of money. 

On Sept. 13, 2012, the FDIC reported that two fraudulent email messages had surfaced that gave the appearance they were coming from the agency. The first message read that the recipient was involved in a situation pertaining to the U.S. Investor Protection Law under the Securities Act of 1933 and the U.S. Bankruptcy Reform Act of 1978 and must click on a link to provide PII to resolve the issue. The email document also contained fraudulent contact information including a false FDIC email address (fdic.gov@execs.com) that didn't include "exes.com" and the false D.C. area code of 646 — it's actually 202. A form, "FDIC Claimant Verification," attached to the cover letter, was also fraudulent. 

The second fraudulent email message reported on this date claimed to originate at support@fdic.gov; it informed each recipient that his recent ACH transaction wasn't completed. He was then asked to update the transaction and download it by clicking on a link in the document. 

On April 27, 2012, the FDIC alerted individuals to a new phishing scheme that gave the appearance that it came from the agency. The email messages were similar to each other, and the "Subject" line was the same: "SURVEY CODE: STJSPNUPUT." The content of the "From" line varied. The email stated that if the recipient completed a "quick and easy" five-question survey, the FDIC would credit $100 to his bank account. The email instructed the victim to "Click here to continue." Not a good idea.  

For full access to story, members may sign in here.

Not a member? Click here to Join Now and access the full article.