Phishing Scheme Uses FDIC

Businesses Hit with Bogus Account Warning
The Federal Deposit Insurance Corp. has received numerous reports from business owners about fraudulent e-mails that purport to be from the FDIC. The e-mail appears to be sent from and includes the subject line: FDIC: Your business account.

According to the FDIC, the e-mail, addressed to "Business Owners," reads: "We have important information about your bank. Please click here to see information. ... This includes information on the acquiring bank [if applicable], how your accounts and loans are affected and how vendors can file claims against the receivership."

The FDIC is quick to point out that it does not issue unsolicited e-mails to consumers or business accountholders. But the scheme is yet another example of how phishers are perfecting their techniques, by taking advantage of trusted sources such as the FDIC, and preying on the fears of business owners during a time of continual bank failures and ACH/wire fraud incidents. [See China Wire Fraud: Warning to Banks].

In March, fraudsters even used NACHA - The Electronic Payments Authority to veil phishing e-mails to consumers. George Tubin, a fraud analyst at TowerGroup, said the NACHA scheme did not make much sense, since most consumers don't know what NACHA is, but that the scheme must have been relatively fruitful. "This has been going on for a while." NACHA first reported suspicious e-mail activity connected with its name last July.

It's also not the first time the FDIC has been used as the guise for a socially engineered attack. Last September, a phone-based vishing attack hit consumers, claiming to be from the FDIC. During that scheme, vishers told consumers they were delinquent in loan payments that had been applied for over the Internet or made through a payday lender. The loans may or may not have even existed, giving the vishers an opportunity to collect personal information to confirm the authenticity of the loans. Recipients of the calls said the vishers requested everything from Social Security numbers to dates of birth.

About the Author

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.
