Nastygram: Spoofed FDIC bank fail e-mail


Spam e-mails mimicking the Federal Deposit Insurance Corp. and warning of additional bank failures are instead the latest bid by cyber crooks to empty your bank account, security experts warn.

The messages arrive with subjects such as "FDIC has officially named your bank a failed bank," and "Check your Bank Deposit Insurance Coverage." The missives warn: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."

Recipients are instructed to click a link that opens one of dozens of Web sites with names crafted to look like The links lead to a counterfeit FDIC page that offers a copy of "your personal FDIC insurance file" to see whether your coverage has been impacted.

The files are offered as Adobe PDF or Microsoft Word documents, but downloading the files shows them to be executable programs (.exe files). According to M86 Security Labs, the files will drop a copy of the Zeus/Zbot password-stealing Trojan on victim PCs.
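The mismatch described above, a download offered as a PDF or Word document that is really a Windows executable, can be caught from the file's bytes rather than its name. The following is an added example, not part of the original article; the filenames, sample bytes and verdict strings are constructed for illustration.

```python
import struct

# Leading magic bytes of the document types the lure claims to deliver.
DOC_MAGIC = {
    "pdf": b"%PDF-",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container (Word 97-2003)
}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(filename: str, data: bytes) -> str:
    """Compare what a download claims to be (by name) with what its bytes say."""
    parts = filename.lower().split(".")
    # Any document extension in the name counts as the claim ("file.pdf.exe").
    claimed = next((p for p in parts[1:] if p in DOC_MAGIC), None)
    if is_pe(data):
        return "block: executable" + (f" posing as {claimed}" if claimed else "")
    if claimed and not data.startswith(DOC_MAGIC[claimed]):
        return f"quarantine: not a valid {claimed}"
    return "allow"

def sample_pe_stub() -> bytes:
    """Constructed sample: the smallest byte string that passes is_pe()."""
    dos_header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos_header + b"PE\x00\x00"

if __name__ == "__main__":
    # Constructed inputs; none of these names come from the article.
    samples = [
        ("insurance_file.pdf.exe", sample_pe_stub()),
        ("insurance_file.pdf", sample_pe_stub()),
        ("statement.pdf", b"%PDF-1.4\n%constructed sample\n"),
        ("insurance_file.doc", b"not an OLE2 document"),
    ]
    for name, blob in samples:
        print(f"{name:24} -> {classify(name, blob)}")
```

A mail or web gateway would apply the same comparison to the declared Content-Type as well as the filename.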

In an alert posted Tuesday about this scam, the real FDIC is urging people not to access the bogus sites or download the files, saying it is "attempting to identify the source of the e-mails and disrupt the transmission." M86 Security Labs said the spam is being blasted out through the Pushdo botnet, a giant collection of hacked PCs that is often rented out to spam artists and scammers.


By Brian Krebs  |  October 28, 2009; 11:40 AM ET
Categories:  Fraud , Latest Warnings , Safety Tips  | Tags: fdic, zeus  


Interesting to note that all of the spammed domains - when they aren't already dead on arrival, as most of them appear to be, also always feature each of the previous attempts?

Today's Facebook spoof also hosts:

Fake FDIC "Your bank has failed" exploit.
Towernet / Capital One
IRS "Underreported Income" spoof.
The "Your Email Provider" spoof (password reset due to server maintenance)
"Key Total Treasury"

Missing from this list was the Gmail spoof of Oct. 19th and Bank of the West dating back to Aug. 31st.

They clearly don't clean up after themselves.

SiL / IKS / concerned citizen

Posted by: killspammerz | October 28, 2009 3:22 PM

Thanks, Brian, for your timely article. One of the best defenses against online scams is public awareness. If you could write this kind of alert on a regular basis, that would be great for the public. The alerts will spread by word of mouth, far beyond the readership of Washington Post.

Posted by: bentleychan | October 29, 2009 2:55 AM

The phishing spammers take advantage of two major factors, one is fear (and fear is what seems to be the easiest emotion to inject into people) and the second is greed.

If you post these kinds of warnings often enough, then hopefully some of the readers would learn to know better than to fall for these tricks, and have less fear. They may even call up their banks to find out what the truth is.

As for greed, that is something no one can do anything about. The "Nigerian share the loot" scam seems to continue at the same brisk pace as it always has.

Posted by: Smileyhari | October 29, 2009 3:18 AM

Thank Microsoft for making this crime possible.

Posted by: hairguy01 | October 29, 2009 6:49 AM

hairguy01 said "Thank Microsoft for making this crime possible."

Just wanted to point out that this isn't exclusively a problem with Microsoft. This is a social exploit that can affect users of any email client/browser. Some may do a better job of notifying possible phishing techniques, but the user will still be the weakest link in the attacks.

Posted by: jim_maryland | October 29, 2009 12:24 PM

Oftentimes the spammers blast email regarding a bank that you usually do or don't have an account with. That's the first clue. I've gotten my share and I just delete it because I know the bank doesn't send you email to verify anything, period. Just like jim_maryland said, the weakest link is the person responding to it.

Posted by: beeker25 | October 29, 2009 1:09 PM


© 2010 The Washington Post Company