Fraudulent Email Claiming to be from the FDIC

Posted on October 27th, 2009 by Benjamin Harbin

GSA Reference Number: AD091026-01

Simply Put: A phishing email is currently circulating that appears to be from the Federal Deposit Insurance Corporation (FDIC).  The email includes a link that will forward users to a fraudulent website that will request personal information and attempt to infect the user’s machine with viruses.  We have already detected infections at several financial institutions as a result of this email.

Attack Details: The email appears to be from “consumeralerts@fdic.gov” and the subject of the email states “you need to check your Bank Deposit Insurance Coverage”.  The email also includes a link and asks users to visit the link and verify personal information.  When the link is clicked, the user is forwarded to a page similar to an FDIC page, and the page requests personal information.  To make matters worse, when the link is clicked, the page also automatically downloads at least two malicious executables.

Countermeasures: Users will need to be notified of the email immediately and told to delete it.  Any currently infected machines will need to be removed from the network, and the necessary incident response measures enacted.  Gladiator is adding recognition patterns to our eShield email service to deny emails matching the current phishing scheme and will continue to block sites at the firewall if they are found to be hosting this scam.
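Example Filter: The following is an added illustration, not Gladiator's eShield patterns, of how a mail gateway check could match the sender and subject described above and also flag a message that claims an fdic.gov sender while linking to a non-FDIC host.  The scoring policy, function names and sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators taken from the advisory text above.
SPOOFED_SENDER = "consumeralerts@fdic.gov"
SUBJECT_PHRASE = "you need to check your bank deposit insurance coverage"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def link_hosts(msg):
    """Lowercase hostnames of every http(s) URL found in text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                host = urlparse(url).hostname
                if host:
                    hosts.add(host.lower())
    return hosts

def classify(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    # Collapse whitespace and case so trivial subject edits still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    reasons = []
    if sender == SPOOFED_SENDER:
        reasons.append("sender")
    if SUBJECT_PHRASE in subject:
        reasons.append("subject")
    # Claims an fdic.gov sender, yet a link points somewhere else.
    if sender.endswith("@fdic.gov") and any(
            h != "fdic.gov" and not h.endswith(".fdic.gov")
            for h in link_hosts(msg)):
        reasons.append("offsite-link")
    # Assumed policy: two indicators deny, one is held for review.
    verdict = ("allow", "review", "deny")[min(len(reasons), 2)]
    return verdict, reasons

# Constructed sample messages (not real captures); .example hosts are reserved.
PHISH = ("From: FDIC <consumeralerts@fdic.gov>\nSubject: You need to check "
         "your Bank Deposit Insurance Coverage\n\n"
         "Verify here: http://fdic-check.example/verify\n")
BENIGN = ("From: news@bank.example\nSubject: Monthly statement\n\n"
          "See https://bank.example/statements\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, classify(raw))
```

Because the From header is trivially forged, the sender match alone only holds a message for review; it is the combination with the subject or an off-domain link that produces a deny.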
