Scam Targets Consumer Bank Accounts
FDIC warns of a new hoax e-mail that 'phishes' for financial data.
Todd R. Weiss, Computerworld
Consumers and financial institutions are being warned of a new e-mail scam that purports to be from the Federal Deposit Insurance Corporation, advising consumers to click on an attached file for more information about alleged fraudulent activity regarding their bank accounts.
Instead, the attached file is either a computer virus or a program that can steal personal information from a computer and send it to the scammer, says David Barr, a FDIC spokesperson.
Crux of Hoax
The FDIC says the e-mail messages carry a return address of "security" at fdic.com, with a subject line reading "fraud report". The e-mail tells recipients that their bank accounts have been temporarily closed because of fraudulent activity. It directs the recipients to open an attached file for details related to the fraudulent activity as well as for information on how to contact the FDIC.
The first report of the scam was made to the FDIC by a U.S. consumer Wednesday morning, Barr says.
"We got a complaint from a consumer that they had received one of these e-mails, and they wanted to know if it was true," he says.
The FDIC didn't send out the e-mail messages, Barr says.
"We've detected that the attachment has a virus," he says. FDIC security personnel are still working to determine what the virus does on target machines. As of late Thursday, the agency had received about 100 inquiries by phone and e-mail from recipients of the fake messages. Warnings have already been circulated by the agency to more than 9100 financial institutions across the country, Barr adds.
The agency reminds consumers who receive any such messages to delete them without opening the attached file.
Previous Scams
The FDIC was also hit in January when another "phishing" scam tried to lure consumers into entering their personal bank account information onto a Web page purportedly from the agency.
In that scam, e-mail messages told consumers their federal deposit insurance had been canceled because of alleged fraud, and then asked them to click a link to go to a Web page to report problems. Instead, the link sent the user to a non-FDIC Web site overseas, Barr says.
The agency is still working with the FBI and other agencies to try to track down the originator of that scam, he adds.
The FDIC, created by Congress in 1933 to restore public confidence in the U.S. banking system during the Depression, insures deposits at the nation's 9182 banks and savings associations. It doesn't routinely contact consumers, but primarily deals with its member financial institutions, Barr says.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
