Phishing At The FDIC? Be Careful!

We found a report about fraudulent e-mails claiming to be from the FDIC of ironic interest. These emails are attempting to trick recipients into installing unknown software on personal computers. They falsely indicate that recipients should download and open a "personal FDIC insurance file" to check their deposit insurance coverage. The "insurance file" may actually be a form of spyware or malicious code and may collect personal or confidential information.

Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
 
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. The FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file. Financial institutions should NOT access the Web site or download the executable files provided on the Web site.