According to the FDIC, the e-mail, addressed to "Business Owners," reads: "We have important information about your bank. Please click here to see information. ... This includes information on the acquiring bank [if applicable], how your accounts and loans are affected and how vendors can file claims against the receivership."
The FDIC is quick to point out that it does not issue unsolicited e-mails to consumers or business accountholders. But the scheme is yet another example of how phishers are perfecting their techniques by taking advantage of trusted sources such as the FDIC and preying on the fears of business owners during a time of continual bank failures and ACH/wire fraud incidents. [See China Wire Fraud: Warning to Banks]
In March, fraudsters even used NACHA - The Electronic Payments Authority to veil phishing e-mails to consumers. George Tubin, a fraud analyst at TowerGroup, said the NACHA scheme did not make much sense, since most consumers don't know what NACHA is, but the scheme must have been relatively fruitful. "This has been going on for a while." NACHA first reported suspicious e-mail activity connected with its name last July.
It's also not the first time the FDIC has been used as the guise for a socially engineered attack. Last September, a phone-based vishing attack hit consumers, claiming to be from the FDIC. During that scheme, vishers told consumers they were delinquent in payments on loans that had been applied for over the Internet or made through a payday lender. The loans may or may not have even existed, giving the vishers an opportunity to collect personal information to confirm the authenticity of the loans. Recipients of the calls said the vishers requested everything from Social Security numbers to dates of birth.