E-mails fraudulently claiming to be from the Federal Deposit Insurance Corporation (FDIC), which insures deposits in banks and thrift institutions, are attempting to trick recipients into installing unknown software on personal computers or into accessing a spoofed website. These e-mails falsely indicate that recipients should install software that was developed by the FDIC and other agencies or provide personal information at a spoofed, i.e. fake, website. The software may be a form of spyware or malicious code and may collect personal or confidential information. The spoofed website attempts to gain confidential information.
The subject line of such e-mail messages may include any of the following:
Online Access Agreement Update
Urgent Notification - Security Reminder
IMPORTANT: Notification of Federal Deposit Insurance Corporation
The e-mail may request that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded, or may direct recipients to a webpage requesting personal information. While the FDIC is working with the United States Computer Emergency Readiness Team (CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to firstname.lastname@example.org.
For further information on these "phishing" email messages, see the FDIC Consumer Alerts webpage at http://www.fdic.gov/consumers/consumer/alerts/index.html.