Security Alert: FDIC E-mail Phishing Scam
This information was provided to First Command Bank in an FDIC Special Alert dated January 12, 2011.
Summary: E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided. If you receive this type of e-mail, do not click on any of the links and report the fraudulent e-mail to firstname.lastname@example.org.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that "in cooperation with the Department of Homeland Security, federal, state and local governments…" the FDIC has withdrawn deposit insurance from the recipient's account "due to account activity that violates the Patriot Act." It further states that deposit insurance will remain suspended until identity and account information can be verified using a system called "IDVerify." It is suspected that consumers who follow the link provided in the e-mail will be asked for personal or confidential information, or that malicious software may be loaded onto their computers.
This e-mail is fraudulent. It was not sent by the FDIC. It is an attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this medium.
The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to email@example.com.
Recommended Mitigation Strategy
First Command Bank advises consumers to never give out confidential or personal information when receiving unsolicited phone calls or e-mails. First Command Bank will never ask for sensitive financial or personal information, such as account numbers, passwords and Social Security numbers, in an unsolicited e-mail message.
In addition, do not reply to or comply with any e-mail message that:
- Asks you to enter sensitive financial or personal information (account number, User ID, password, Social Security number) directly into the e-mail or on a non-secure web page
- Asks you to confirm or refresh your bank account, credit card or billing information
- States that your account has been compromised or that there has been third-party activity on your account, and asks that you enter or confirm your account information
- States that there are unauthorized charges on your account and asks that you enter or confirm your account information
- Threatens to close or suspend your account if you do not immediately supply the requested information
- Solicits your participation in a survey where you are asked to enter sensitive financial or personal information