Watch out for FDIC phishing scam

A new phishing scam is circulating claiming to be from the FDIC, and containing a Trojan downloader file attachment.

Attention! Dear Depositor -- the FDIC (Federal Deposit Insurance Corporation) is not sending you an e-mail with a mysterious ZIP file attachment. If you receive such a message claiming to be from the FDIC, don't be fooled. The e-mail is a phishing attack, and the attachment is actually malware.

Fred Touchette has some more details about this phishing scam in an AppRiver blog post. Touchette explains, "We often see, as everyone is aware of, malware campaigns that pretend to come from major banking institutions, but I can't recall having seen any that come from their insurers before."

That is true. Phishing scams targeting specific banks or credit unions are fairly common. This threat -- by virtue of claiming to be from the FDIC that insures the deposits of virtually all financial institutions -- has a much larger pool of potential victims. Basically, rather than only targeting Bank of America, or Wells Fargo, or some other bank, this phishing scam targets anyone with a bank account.

Unfortunately -- at least for the attackers -- the message is a bunch of grammatically error prone gibberish. "In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure" doesn't even make sense, so hopefully it is unlikely to lure too many naïve victims to actually open the file attachment as directed.

Touchette describes the actual threat behind the FDIC phishing attack. "In actuality the attachment is a Trojan downloader, one we've become very accustomed to -- Oficla. Oficla is responsible for doing the hard work, which is tricking you into installing it and opening up the backdoor and letting in all of its ne'er-do-well buddies. In the past these have included everything from scareware viruses to data loggers such as ZeuS and everything in between."

With malware and cyber crime being such big business, you would think the attackers could afford to hire some ethically-challenged individuals fluent in English and perhaps do some grammar-proofing and spell-checking of these messages before launching the attack. I'm not trying to help the bad guys, but come on -- this phishing message is so bad it wouldn't fool my eight year old.

The attackers get some bonus points for thinking outside of the box and attempting to spoof the FDIC rather than a specific financial institution, but they fail miserably in the execution department.

Let's sum up with the obligatory warnings. Neither your bank, nor the FDIC will send you an e-mail -- poorly worded or otherwise -- directing you to open up some cryptic file attachment. Just don't do it. If you ever have reason to feel that such a message could potentially be legitimate, delete the e-mail anyway and contact your financial institution directly.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwarephishingspamvirusesantispamonline securityAppRiverFederal Deposit InsuranceWells Fargo

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?