You may well have received phishing emails before. They pose as messages from trustworthy firms such as banks, government agencies, or credit card companies. A new phishing scam poses as an email from one of the most trustworthy institutions: the Federal Deposit Insurance Corporation. Keep reading for the details.
Phishing attacks are nothing new to the Internet landscape. If you use email, the likelihood that you have come across a phishing email message is quite high. What is a phishing attack? It's when someone tries to acquire sensitive information, such as your username or password on a site, credit card information, and more.
What makes phishing attacks rather interesting is that they usually come in the form of emails that appear to be from a trustworthy source. Banks, credit card companies, the Internal Revenue Service, and more are often used. A new scam that has hit the Internet claims a different phony source. Instead of disguising itself as an individual bank, the new scam poses as the FDIC, or Federal Deposit Insurance Corporation.
The FDIC is responsible for insuring deposits at financial institutions. Many people are aware of its existence and have heard its initials mentioned at one time or another. This makes it a decent cloak for the hackers that created the email scam. Also, by using an institution like the FDIC instead of a specific bank, the scammers have a better chance of duping more users, since the FDIC affects anybody with a bank account.
The email message in question comes complete with a template that looks official. It has a blue header with the FDIC name and logo at the top. While the message does look official, its contents come across as suspicious and amateurish due to poor grammar. The first paragraph of the message says, “Dear Depositor, this message was sent to you as you had indicated this e-mail address as a contact, by opening an account in your bank department.” One would expect better grammar from a federal institution.
The message continues, this time urging the user to click on an attachment. The poor grammar appears once again. “In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure. Please, refer to more detailed information in the attached document.” Instead of naming a specific entity, the email names “the Company.” The reported sender behind the message is the FDIC's “Investors Relations Department.”
If a user overlooks the poor grammar and lack of detail in the message, they might click the attachment labeled “document.zip.” The attachment is actually a Trojan downloader called Oficla. Oficla tricks you into allowing the download to execute, and has been associated with data loggers, scareware, and other forms of malware in the past.
If you receive a suspicious-looking email claiming to be from a bank, the IRS, the FDIC, or another institution, do not click on any attachments. Also, avoid giving out sensitive information. You should delete the email and contact the institution directly with any questions or concerns you may have.
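The warning signs described above (a sender name invoking the FDIC, the generic "Dear Depositor" greeting, and a zip attachment) can also be checked by a mail filter. The following Python sketch is an added example, not part of the original article; the sample message, the sender address, and the `triage` function are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the message described in the article.
# The sender address and payload are placeholders, not real indicators.
SAMPLE = (
    'From: "FDIC Investors Relations Department" <notice@mailer.example>\n'
    "To: user@example.org\n"
    "Subject: Important changes\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Dear Depositor, please, refer to the attached document.\n"
    "--b1\n"
    "Content-Type: application/zip\n"
    'Content-Disposition: attachment; filename="document.zip"\n'
    "\n"
    "(payload omitted)\n"
    "--b1--\n"
)

ARCHIVE_EXT = (".zip", ".rar", ".7z")
# Brand keyword -> domain the real institution sends from (fdic.gov is the FDIC's domain).
CLAIMED = {"fdic": "fdic.gov"}

def triage(raw):
    """Return a list of human-readable findings for one raw email message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # A matching From domain can still be forged; this only catches the mismatch case.
    for brand, real in CLAIMED.items():
        if brand in name.lower() and not (domain == real or domain.endswith("." + real)):
            findings.append(f"display name claims {brand.upper()} but sender domain is {domain}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if "dear depositor" in text:
        findings.append("generic greeting instead of the account holder's name")
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(ARCHIVE_EXT):
            findings.append(f"archive attachment: {filename}")
    return findings
```

A message that trips these checks is a candidate for quarantine and review; the checks complement, and do not replace, sender authentication such as SPF, DKIM, and DMARC.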
For more on this topic, visit http://www.pcworld.com/businesscenter/article/220125/watch_out_for_fdic_phishing_scam.html