FTC 'Fraud Department' E-Mail Hoax
FTC warns of spoof e-mails referencing a "complaint" against the recipient.
Oct. 31, 2007 — -- E-mail users should be on the lookout for spoof e-mails claiming to be from the Federal Trade Commission, the FTC and the Department of Homeland Security warned on Wednesday.
The e-mails reference a "complaint" filed with the FTC against the individual address that received the message.
The bogus message contains a phony sender address claiming to be from the FTC "Fraud Department," which appears in the message as "frauddep@ftc.gov." The message also "spoofs the return-path and reply-to fields to hide the e-mail's true origin," according to the FTC.
The FTC became aware of the issue after being "flooded" with calls and e-mails, agency spokeswoman Jackie Dizdul told ABC News. Dizdul didn't know the exact number of complaints received, but said the number was "in the thousands."
Though opening the message doesn't cause any apparent harm, those who have received the e-mail and opened the attachment or clicked any links in the message might have downloaded a virus, and are advised to run anti-virus software on their computers.
The virus in the message "appears to install a 'key logger' that could potentially grab passwords and account numbers," the FTC warning states.
The spoofers appeared to be careless in the writing of the message itself, as it "has grammatical errors, misspellings, and incorrect syntax," the warning notes. Even with the errors, Dizdul said, "at the same time, these things can look very official."
The spammers used the common tactic of mimicking the appearance of a legitimate e-mail to entice users to open the message and its attachment, going as far as using the commission's seal in the message.
As with similar e-mail scams claiming to be from banks, credit card companies or other legitimate businesses or organizations, "obviously, it makes you think twice," Dizdul said.
DHS's U.S.-Computer Emergency Readiness Team, which is a public-private sector partnership created in 2003 with the goal of protecting the U.S. Internet infrastructure, also issued a notice on the e-mail spoof on behalf of the FTC.
