E-mail recipients may receive a notification that appears to be from the Federal Deposit Insurance Corporation (FDIC) with instructions to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. Better Business Bureau says don't do it.
The FDIC released a statement confirming that the e-mails are fraudulent.
Hackers are exploiting the FDIC name to trick people into downloading an executable file—which may contain spyware or a malicious virus—aimed at siphoning private records from innocent computer users.
The bogus e-mail's subject line says, "Check your Bank Deposit Insurance Coverage." The text in the e-mail reads: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
Recipients are asked to "visit the official FDIC website" by clicking on a masked hyperlink provided in the e-mail. Although the link resembles the FDIC site, it redirects recipients to a fake Web site—allegedly intended to infect computers with viruses or other harmful files. This mass e-mailing may be an unlawful attempt to gain access to online banking accounts or steal identities.
Those who receive this e-mail should not click the links provided or open any attachments. Instead, forward the fraudulent e-mail to the FDIC's Cyber-Fraud and Financial Crimes Section at email@example.com. Meanwhile, the FDIC is investigating the source.
BBB serving Alaska, Oregon and Western Washington provides tips to ensure the safety of personal computer files:
Install and maintain anti-virus software, firewalls, and e-mail spam filters.
Never respond to e-mail requests for personal or bank account information.
Do not click Web site links received in unsolicited e-mail messages.
Carefully examine the Web address. Bogus sites are designed to look nearly identical to the real ones; however, there are usually slight variations, such as ending in ".net" when it should be ".com."
Instead of connecting to a link recommended by e-mail, manually type in the URL in the Web address bar after checking its authenticity on a search engine.
Notify the real company, financial institution or government agency if you receive questionable correspondence and contact them using a phone number or e-mail address from a reliable, public directory.
If banking or purchasing items over the Internet, always double-check that the site is secured.
Check with your BBB or the FDIC to learn how to identify phishing scams. If you suspect any e-mail or Web site is fraudulent, report it to the Internet Crime Complaint Center at www.ic3.gov.
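The masked hyperlink described above, and the advice to examine the Web address, can be checked mechanically. This added example (not part of the BBB alert) parses an HTML message and reports links whose visible text claims one domain while the underlying address points to another host. The KNOWN_SENDERS table, the function names, and the sample message with its example.net hosts are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: organizations an e-mail may name, mapped to their real domain.
KNOWN_SENDERS = {"fdic": "fdic.gov"}
HOST_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Constructed sample modelled on the alert; example.net hosts are placeholders.
SAMPLE_HTML = """
<p>Please <a href="http://www.fdic.gov.example.net/">visit the official FDIC website</a>.</p>
<p>Or open <a href="http://fdic-gov.example.net/">www.fdic.gov</a>.</p>
<p>Genuine: <a href="https://www.fdic.gov/">www.fdic.gov</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    """True only for the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def masked_links(html):
    """Return (text, claimed domain, real host) for links that go elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        if shown:  # the link text displays an address
            claimed = re.sub(r"^www\.", "", shown.group(0).lower())
        else:  # the link text only names an organization
            claimed = next((d for n, d in KNOWN_SENDERS.items() if n in text.lower()), None)
        if claimed and not belongs_to(host, claimed):
            findings.append((text, claimed, host))
    return findings
```

The first sample link shows why the comparison is made on the end of the host name: "www.fdic.gov.example.net" contains "fdic.gov" but belongs to example.net.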