Watch out for FDIC phishing scam

A new phishing scam is circulating claiming to be from the FDIC, and containing a Trojan downloader file attachment.

Attention! Dear Depositor -- the FDIC (Federal Deposit Insurance Corporation) is not sending you an e-mail with a mysterious ZIP file attachment. If you receive such a message claiming to be from the FDIC, don't be fooled. The e-mail is a phishing attack, and the attachment is actually malware.

Fred Touchette has some more details about this phishing scam in an AppRiver blog post. Touchette explains, "We often see, as everyone is aware of, malware campaigns that pretend to come from major banking institutions, but I can't recall having seen any that come from their insurers before."

That is true. Phishing scams targeting specific banks or credit unions are fairly common. This threat -- by virtue of claiming to be from the FDIC that insures the deposits of virtually all financial institutions -- has a much larger pool of potential victims. Basically, rather than only targeting Bank of America, or Wells Fargo, or some other bank, this phishing scam targets anyone with a bank account.

Unfortunately -- at least for the attackers -- the message is a bunch of grammatically error prone gibberish. "In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure" doesn't even make sense, so hopefully it is unlikely to lure too many naïve victims to actually open the file attachment as directed.

Touchette describes the actual threat behind the FDIC phishing attack. "In actuality the attachment is a Trojan downloader, one we've become very accustomed to -- Oficla. Oficla is responsible for doing the hard work, which is tricking you into installing it and opening up the backdoor and letting in all of its ne'er-do-well buddies. In the past these have included everything from scareware viruses to data loggers such as ZeuS and everything in between."

With malware and cyber crime being such big business, you would think the attackers could afford to hire some ethically-challenged individuals fluent in English and perhaps do some grammar-proofing and spell-checking of these messages before launching the attack. I'm not trying to help the bad guys, but come on -- this phishing message is so bad it wouldn't fool my eight year old.

The attackers get some bonus points for thinking outside of the box and attempting to spoof the FDIC rather than a specific financial institution, but they fail miserably in the execution department.

Let's sum up with the obligatory warnings. Neither your bank, nor the FDIC will send you an e-mail -- poorly worded or otherwise -- directing you to open up some cryptic file attachment. Just don't do it. If you ever have reason to feel that such a message could potentially be legitimate, delete the e-mail anyway and contact your financial institution directly.

Join the CSO newsletter!

Error: Please check your email address.

Tags online securityspamFederal Deposit InsuranceantispamvirusessecurityWells FargophishingAppRivermalware

More about Federal Deposit InsuranceFredWells Fargo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place