Phishing Scheme Uses FDIC

Businesses Hit with Bogus Account Warning

May 3, 2011.

The Federal Deposit Insurance Corp. has received numerous reports from business owners about fraudulent e-mails that purport to be from the FDIC. The e-mail appears to be sent from alert@fdic.gov and includes the subject line: FDIC: Your business account.

According to the FDIC, the e-mail, addressed to "Business Owners," reads: "We have important information about your bank. Please click here to see information. ... This includes information on the acquiring bank [if applicable], how your accounts and loans are affected and how vendors can file claims against the receivership."

The FDIC is quick to point out that it does not issue unsolicited e-mails to consumers or business accountholders. But the scheme is yet another example of how phishers are perfecting their techniques, by taking advantage of trusted sources such as the FDIC, and preying on the fears of business owners during a time of continual bank failures and ACH/wire fraud incidents. [See China Wire Fraud: Warning to Banks].

In March, fraudsters even used NACHA - The Electronic Payments Authority to veil phishing e-mails to consumers. George Tubin, a fraud analyst at TowerGroup, said the NACHA scheme did not make much sense, since most consumers don't know what NACHA is, but the scheme must have been relatively fruitful, he says. "This has been going on for a while." NACHA first reported suspicious e-mail activity connected with its name last July.

It's also not the first time the FDIC has been used as the guise for a socially engineered attack. Last September, a phone-based vishing attack hit consumers, claiming to be from the FDIC. During that scheme, vishers told consumers they were delinquent in loan payments that had been applied for over the Internet or made through a payday lender. The loans may or may not have even existed, giving the vishers an opportunity to collect personal information to confirm the authenticity of the loans. Recipients of the calls said the vishers requested everything from Social Security numbers to dates of birth.

Follow Tracy Kitten on Twitter: @FraudBlogger
