Phishing Scam Spoofs U.S. Government Site

Phishing scams are now spoofing a web site operated by the U.S. government, using the Bush administration's information-gathering initiatives as cover for a scam to capture credit card and banking data. The fraud mimicks the Regulations.gov web site, and has triggered a consumer alert from the Federal Trade Commission.

The scam employs e-mails with subject lines reading "Official information" or "Urgent information to all credit card holders," and asserts that a new law requires Internet users to identify themselves to the government to "create a secure and safer Internet community." The e-mail links to a Web site masquerading as regulations.gov and asks readers to provide personal financial information.

Regulations.gov allows visitors to review and comment on documents in the Federal Register. The site is part of the Bush administration's e-Government initiative, which is developing an "e-authentication" process that envisions "the identity proofing of individuals and businesses" who use federal web sites to access government services. "This will help build the trust that must be an inherent part of every online exchange between citizens and the Government," according to the project's home page.

Phishing scams seek to trick account holders into divulging sensitive account information, usually through the use of fraudulent e-mails and web pages. To be effective, a phishing scam requires a trusted relationship and a plausible hook. The FTC alert emphasizes that there are no new rules or regulations that require citizens to share financial information through the Regulations.gov site. But recent news stories have raised awareness about state and federal government initiatives to aggregate information through databases.