The FDIC has received reports by businesses and consumers of a phishing e-mail that has the appearance of being sent from the FDIC. The fraudulent e-mails appear in "memo format," on FDIC Office of the Inspector General (OIG) letterhead, and is purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The memo includes the recipient's name and address in the "To" line. The "Subject" line states, "Division of Supervision and Consumer Protection's Risk-Focused Compliance Examination Process for [name inserted] (Report No. 05-038)." Note: The fraudulent e-mail use some genuine language obtained from an actual OIG audit report.
The fraudulent memo includes a hyper link called, "Take the Corrective Action -- Implement the LinkBank System." When clicked, the link takes the user to a spoofed FDIC Web page that uses text and logos from FDICconnect pages.
Once on the page, users are asked to "certify" that they "will provide correct information in order to implement the LinkBank System." The "LinkBank System" is described as:
"…a protocol developed by the FDIC and other federal agencies as a way to ensure that the standards for Online Banking security are met. This protocol is based on a client utility, safeConnect, that was developed to be installed on business computers which are used to open Online Banking sessions. This utility only interacts when an online session with a Financial Institution insured by the FDIC is opened, thus it will never interfere with any other applications."
After clicking on the certification radio button, another page is opened that asks for bank name, username, and password.
This e-mail is a fraudulent attempt to obtain personal information from consumers. Consumers should NOT to access the link provided within the body of the e-mail and, under any circumstances, not to provide any personal information through this media.
###
FDIC Consumer Alert - Fraudulent E-mail
