Cyber Alert
FDIC Phishing Scam
By Federal Deposit Insurance Corporation (FDIC)
Jun 16, 2006, 12:31

FDIC Phishing Scam

US-CERT continues to receive reports of phishing scams that target online users. Recently, the phishing scam targeted the customers of Federal Deposit Insurance Company (FDIC) insured institutions.

Customers of FDIC institutions received a spoofed email message, which claims that their account is in violation of the Patriot Act, and that FDIC insurance has been removed from their account until their identity can be verified. The message provides a link to a malicious web site which prompts users to enter their customer account and identification information.

If you were affected by the FDIC phishing scam, please refer to the FDIC Consumer Alert for assistance.

US-CERT confirms that the federal agencies including Department of Homeland Security (DHS) mentioned in the fraudulent email have not sent out an email that requests customer account or identification information.

US-CERT encourages users to report phishing incidents based on the following guidelines:

• Federal Agencies should report phishing incidents to US-CERT.
• Non-federal agencies and other users should report phishing incidents to OnGuard Online, a consortium of Federal Agencies.

Additionally, users are encouraged to take the following measures to prevent phishing attacks from occurring:

1. Do not follow unsolicited web links received in email messages.
2. Contact your financial institution and file a complaint with the Federal Trade Commission (FTC) immediately if you believe your account or financial information has been compromised.
3. Review FTC's web site on how to protect yourself from identity theft.
4. Review the OnGuard Online practical tips to guard against Internet fraud, secure your computer, and protect your personal information.
5. Refer to the US-CERT Cyber Security Tip on Avoiding Social Engineering and Phishing Attacks.
6. Refer to the CERT Coordination Center document on understanding Spoofed/Forged Email.