October 26, 2009
Blended Threat Sighting: "FDIC has Officially Named Your Bank a Failed Bank" / "You Need to Check Your Bank Deposit Insurance Coverage" / "FDIC Alert" Malware Emails
The FDIC (Federal Deposit Insurance Corporation) issued a consumer alert today, noting that they have received many reports of fraudulent email purporting to be from the FDIC. In its warning (see "E-mail Claiming to Be From the FDIC – October 26, 2009"), the FDIC notes:
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”
The e-mail then asks recipients to “visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage” (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.”
This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
Good advice, of course! I took a quick look in Proofpoint's spam traps today and, indeed, these emails seem to be very widespread. (Note: Proofpoint's anti-spam solution accurately identifies all variations of these as spam.)
Subject lines I have observed for these emails include:
- FDIC has officially named your bank a failed bank
- you need to check your Bank Deposit Insurance Coverage
- FDIC alert: check your Bank Deposit Insurance Coverage
The body of these messages is all very similar and reads as follows:
You have received this message because you are a holder of a FDIC-insured bank account.
Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.
You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage:
Visit FDIC website: [malicious URL removed]
Download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage
Federal Deposit Insurance Corporation
These emails are very similar to the "IRS Notice of Underreported Income" and "Critical Update for Microsoft Outlook" emails I've noted recently and I suspect they are an attempt to install similar malware.
