DATE: September 13, 2006
TO: Chief Executive Officer (also of interest to Security Officer)
SUBJECT: Fraudulent E-Mail Claims to Be From the FDIC
The FDIC has received a report of a new e-mail that has the appearance of being sent from the FDIC. However, instead of a typical phishing e-mail that might ask the recipient to click on a hyperlink to a spoofed Web site, this e-mail appears to deliver malicious software onto the recipient's computer.
After describing the FDIC and deposit insurance, the e-mail describes "a small client utility" that bank customers are asked to install on home and business computers "which is used to open Online Banking sessions." The e-mail goes on to state that "[t]his utility only starts whenever an online session is opened with a Financial Institution insured by the FDIC, thus it will never interfere with any programs installed on your computer. Please help us combat fraud by installing, ProBank on any computer that is used to open an Online Banking session."
The e-mail also asks institutions to "advertise and market the ProBank's existence to employees, suppliers, third-party service providers and customers." It suggests channels, such as "bank newsletters, memoranda, written policy, and internal and external bank Web sites."
This e-mail is a fraudulent attempt to obtain personal information from consumers and businesses. Consumers and businesses should NOT click the link provided within the body of the e-mail or install any unfamiliar software on their computers.
Additionally, financial institutions should not "advertise and market the ProBank's existence" to anyone as the e-mail suggests.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to firstname.lastname@example.org.