FDIC Consumer Alert – October 19, 2006

The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. This phishing e-mail, similar to that sent on September 29th, appears to be from the FDIC and ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." The fraudulent e-mails are purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The e-mails typically include a "Subject" line that states: "Compliance Examination for [recipient's name inserted]."

However, this is a new variation that includes a new and more dangerous hyperlink. When accessed, the hyperlink downloads an executable file to your computer. FDIC is currently analyzing the executable file; however, it is likely installing a keylogger or similar piece of malicious software. DO NOT click on the link provided in the phishing e-mail.

FDIC Consumer Alert – September 29, 2006

The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. The fraudulent e-mails appear in "memo format," on FDIC Office of the Inspector General (OIG) letterhead, and is purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The memo includes the recipient's name and address in the "To" line. The "Subject" line states, "Division of Supervision and Consumer Protection's Risk-Focused Compliance Examination Process for [name inserted] (Report No. 05-038)." Note: The fraudulent e-mail use some genuine language obtained from an actual OIG audit report.

The fraudulent memo includes a hyper link called, "Take the Corrective Action -- Implement the LinkBank System." When clicked, the link takes the user to a spoofed FDIC Web page that uses text and logos from FDICconnect pages.

Once on the page, users are asked to "certify" that they "will provide correct information in order to implement the LinkBank System." The "LinkBank System" is described as:

"…a protocol developed by the FDIC and other federal agencies as a way to ensure that the standards for Online Banking security are met. This protocol is based on a client utility, safeConnect, that was developed to be installed on business computers which are used to open Online Banking sessions. This utility only interacts when an online session with a Financial Institution insured by the FDIC is opened, thus it will never interfere with any other applications."

After clicking on the certification radio button, another page is opened that asks for bank name, username, and password.

This e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT to access the link provided within the body of the e-mail and, under any circumstances, not to provide any personal information through this media.

FDIC Consumer Alert – September 13, 2006

FDIC Special Alert: Fraudulent E-Mail Claims to Be From the FDIC

The FDIC has received a report of another new e-mail that has the appearance of being sent from the FDIC. This one is similar to the incident reported on September 11, 2006 (see below). However, this e-mail asks the recipient to click on a hyperlink to a spoofed Web site where the recipient is asked to enter confidential information.

After starting out with the same description of the FDIC and deposit insurance as Monday's reported phishing e-mail, the new e-mail states that "GoldLeaf Financial Solutions and the FDIC, in collaboration with the leaders in consumer payments processing systems launched SON - Secure Online Network." The e-mail goes on to describe "SON." It also tells the recipient that their "...personal information did not match any SON code..." and asks them to "...follow the link below where you will be redirected to your bank's Initiate-SON website. Once the application is processed, the SON code will be mailed to your bank-statement address."

This e-mail contains various subject lines on the e-mails, such as:

• Online Access Agreement Update
• Urgent Notification - Security Reminder
• SON Registration

Some of the e-mails are "personalized." For example:

"As your personal information did not match any SON code, to confirm that this is your personal information:" and then it includes the person's name, and address.

FDIC Consumer Alert – September 11, 2006

FDIC Special Alert: Fraudulent E-Mail Claims to Be From the FDIC

The FDIC has received a report of a new e-mail that has the appearance of being sent from the FDIC. However, instead of a typical phishing e-mail that might ask the recipient to click on a hyperlink to a spoofed Web site, this e-mail appears to deliver malicious software on to the recipient's computer.

After describing the FDIC and deposit insurance, the e-mail describes "a small client utility" that bank customers are asked to install on home and business computers "which is used to open Online Banking sessions." The e-mail goes on to state that "[t}his utility only starts whenever an online session is opened with a Financial Institution insured by the FDIC, thus it will never interfere with any programs installed on your computer. Please help us combat fraud by installing, ProBank on any computer that is used to open an Online Banking session."

The e-mail also asks institutions to "advertise and market the ProBank's existence to employees, suppliers, third-party service providers and customers." It suggests channels, such as "bank newsletters, memoranda, written policy, and internal and external bank Web sites."