Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Watch out for FDIC phishing scam

A new phishing scam is circulating claiming to be from the FDIC, and containing a Trojan downloader file attachment.

Attention! Dear Depositor -- the FDIC (Federal Deposit Insurance Corporation) is not sending you an e-mail with a mysterious ZIP file attachment. If you receive such a message claiming to be from the FDIC, don't be fooled. The e-mail is a phishing attack, and the attachment is actually malware.

Fred Touchette has some more details about this phishing scam in an AppRiver blog post. Touchette explains, "We often see, as everyone is aware of, malware campaigns that pretend to come from major banking institutions, but I can't recall having seen any that come from their insurers before."

That is true. Phishing scams targeting specific banks or credit unions are fairly common. This threat -- by virtue of claiming to be from the FDIC that insures the deposits of virtually all financial institutions -- has a much larger pool of potential victims. Basically, rather than only targeting Bank of America, or Wells Fargo, or some other bank, this phishing scam targets anyone with a bank account.

Unfortunately -- at least for the attackers -- the message is a bunch of grammatically error prone gibberish. "In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure" doesn't even make sense, so hopefully it is unlikely to lure too many naïve victims to actually open the file attachment as directed.

Touchette describes the actual threat behind the FDIC phishing attack. "In actuality the attachment is a Trojan downloader, one we've become very accustomed to -- Oficla. Oficla is responsible for doing the hard work, which is tricking you into installing it and opening up the backdoor and letting in all of its ne'er-do-well buddies. In the past these have included everything from scareware viruses to data loggers such as ZeuS and everything in between."

With malware and cyber crime being such big business, you would think the attackers could afford to hire some ethically-challenged individuals fluent in English and perhaps do some grammar-proofing and spell-checking of these messages before launching the attack. I'm not trying to help the bad guys, but come on -- this phishing message is so bad it wouldn't fool my eight year old.

The attackers get some bonus points for thinking outside of the box and attempting to spoof the FDIC rather than a specific financial institution, but they fail miserably in the execution department.

Let's sum up with the obligatory warnings. Neither your bank, nor the FDIC will send you an e-mail -- poorly worded or otherwise -- directing you to open up some cryptic file attachment. Just don't do it. If you ever have reason to feel that such a message could potentially be legitimate, delete the e-mail anyway and contact your financial institution directly.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Federal Deposit Insurance, Fred, Wells Fargo
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: antispam, AppRiver, Federal Deposit Insurance, malware, online security, phishing, security, spam, viruses, Wells Fargo
Latest Blog Posts
Whitepapers
  • Optimizing Storage and Protecting Data with Oracle Database 11g
    This paper focuses on key Oracle Database 11g capabilities that help IT departments better optimise their storage infrastructure, enabling administrators to deliver a cost-effective, scalable data management platform that is easy to manage, reduces costs, and protects data while continuing to deliver the performance and availability that today’s businesses require.
    Learn more »
  • Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives
    Service-oriented architecture (SOA) has moved beyond hype to widespread acceptance as an IT strategy for delivering business value. SOA promotes the notion of modularity, providing overwhelming flexibility and superior economics for addressing business demands. However, undertaking the transformation to SOA is not without its challenges. If left unchecked, your inventory of SOA assets will become unmanageable; the reuse of services will diminish in favor of custom development; or even worse, modifications will be made to your existing services that break other business processes. The purpose of SOA governance is to help you ensure that this does not happen. This paper outlines the most compelling reasons for you to establish SOA governance within your organization.
    Learn more »
  • Printer Usage and Cost Management Strategies for the Australian Mid-market, an Unrealised Opportunity
    This whitepaper was commissioned to aid senior business and ICT decision makers of medium-sized government and corporate organisations, including marketing, finance, and technology executives to better understand the current use of print devices including copiers, printers and multi-function Page 19 Reproductions in whole or in part are prohibited. This whitepaper also provides insights into how current management practices can be improved to optimise investments and improve sustainability. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments