- Getting Comfy With Compliance
- The Threat Connection
- Protecting Sensitive Data
- The Cyber Crime Issue
- The Rule of Three
- The Human Side Of Security
- Social Engineering
- Privacy vs Security
E-mail Claiming to Be From the FDIC
February 15, 2011 - The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: "Important information for depositors of Federal Deposit Insurance Corporation." The e-mail informs recipients that ".this message was sent to you as you had indicated this e-mail address as a contact, by opening an account in your bank department."
The e-mail then states, "In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure. Please, refer to more detailed information in the attached document." The e-mail says that it is from "Federal Deposit Insurance Corporation Investor Relations Department."
Attached to the e-mail is Zip file named "FDIC_Document.ZIP"
This e-mail and its attachment are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should not open the attachment provided.
The FDIC does not issue unsolicited e-mails to consumers.
FDIC Consumer Alert - E-mail Claiming to Be From the FDIC
July 2, 2010 - The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. The subject line of the e-mails state: "you need to check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The e-mail then directs recipients to click on a link stating "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."
This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers and should not click on the link provided. The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
NACHA Phishing Scam
NACHA - The Electronic Payments Association - has issued an advisory to all financial institutions and their customers about phishing emails designed to appear as if they were sent from NACHA warning users about failed ACH transactions. The e-mail includes a link that, if clicked, redirects the individual to a fake web page that appears to be a NACHA website and contains a link that almost certainly leads to a Jabber/Zeus malware download.
This phishing attempt is not targeted specifically at any single financial institution. It is being sent broadly across the Internet.
NACHA is aware of the phishing attack and has an article on their homepage at www.nacha.org.
The American Bankers Association has been alerted that someone or a group of individuals sending cash prize letters purporting to be from ABA are actually part of fake check scam. These con artists are sending letters asking people to call a phone number to find out how to collect the prize -- a popular technique to get personal financial information from the letter recipient. Many of the letters contain one or more fraudulent checks, and a number of individuals have attempted to cash or deposit these fraudulent checks.
The fraudulent checks are listed as from ABA and ABD Federal Credit Union, however ABA believes other financial institutions may be targeted. The amount of the checks is typically between $1,000 and $5,000.
ABA is working with law enforcement to identify the source of the letters and to disrupt them. ABA offers the following advice to consumers:
- If you think someone is trying to pull a fake check scam, don't deposit the check – report it – because you are responsible for the money you withdrew if the check or money order bounces. To report a fake check or find out more information on how you can avoid them, go to fakecheck.org.
- Never give out your personal financial information in response to an unsolicited phone call, fax or email, no matter how official it may seem. If you are uncertain, call your financial institution yourself using a phone number you know is safe.
- If you have already responded to this type of call or email by providing your personal financial information, contact your financial institution immediately to protect your account;
- Inform the ABA about fraudulent phone calls and emails that use ABA's name by sending an email to email@example.com.
E-mail Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: "Inquiry about your bank account." The e-mail tells recipients that, "due to many fraud and money laundering attempts made by non-US residents the past 2 months using fake information to open US bank accounts, and using them for illegal purposes, we require all FDIC member's banks customers to update some information on their bank accounts as soon as possible in order to confirm their identities."
The e-mail then asks recipients to follow a hyperlink and then to click on their bank logo. It then informs recipients that they will be redirected to their bank Web site "through a specialized link" and that, once logged in, they will need to "fill some information."
This e-mail is fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
SECURITY ADVISORY: Malware targeting online banking users -
In an effort to inform you of security-related issues that may impact your end users, we have been notified that a new version of malware is now targeting online banking end users, and in particular users of business or corporate banking sites. Once the infection is present, the malware attempts to trick users by popping up fraudulent login screens for the purpose of acquiring sensitive data such as usernames, passwords, challenge questions, token challenge numbers and other information.
Sometimes referred to as Bankpatch.C, Agent-IPS Trojan or by several other names (there are several known variants), this malware is not targeted specifically at Digital Insight clients or at any single financial institution. Digital Insight systems have not been breached. Your information is still safe. This malware is not directly related to Digital Insight products and services.
Since the malware primarily uses false login windows to capture information, business or corporate banking users should be advised to report any strange corporate or business banking login windows, or anything that looks different on a login window. These could be signs that the user's computer has been affected by the malware. As a general precaution, users should also close all other browser sessions and tabs before logging into a banking session.