FDIC Phishing E-Mail Alert
We received the following e-mail at TSB Bank and we know of others that have received similar e-mails. TSB Bank depositors are insured by the FDIC and an e-mail such as this can certainly catch the unwary. The contents of this e-mail are a phishing attempt and should not be regarded as a legitimate communication from the FDIC. The FDIC has added this e-mail as a consumer alert on their site.
Part of the battle against phishing and other fraudulent e-mail is to know what they look like. If you know what to look for, fraudulent e-mail is usually fairly easy to detect and ignore.
I have copied the text of the e-mail below in italics and added my own comments, which appear in bold print. Dangerous hyperlinks have been removed.
The "From" address on these e-mails is "firstname.lastname@example.org". This e-mail address is used by the FDIC in their antifraud efforts.
The subject lines of the phishing attempt that we received were of the form "you need to check your Bank Deposit Insurance Coverage" or "FDIC has officially named your bank a failed bank." As is typical of phishing attempts, the subject line is meant to instill a sense of fear in the reader and convince them to follow the provided link. Another giveaway is that the subject line doesn't reference any particular bank, but rather a nebulous and scary "your" bank.
You have received this message because you are a holder of a FDIC-insured bank account.
It is the understanding of TSB Bank that the FDIC does not contact the customers of failed institutions. Rather, the FDIC will issue a press release about the bank failure and provide contact information for both the acquiring institution and the FDIC where customers can call with questions. The FDIC will not ask for a customer's private data via an e-mail.
Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.
This is another example of the e-mail attempting to scare the reader into following the link. If there is any question on whether or not the FDIC has closed any given bank, all the information that is needed to find out what that bank's customers need to do can be found at www.fdic.gov. The FDIC also maintains a summary of closed banks and a contact search for those banks.
The FDIC also has a nice tool to determine the amount of insurance coverage for any depositor at any failed bank. For all depositors, the FDIC also has an insurance estimator tool called "EDIE" - the Electronic Deposit Insurance Estimator - available on its website.
You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage:
There is the call to visit the website!
• Visit FDIC website: http://email@example.com&id=489943889935890844227667243809304087463
On visual inspection the URL looks valid, because its text shows that you are to visit the www.fdic.gov website. But why would the FDIC ask that you follow a link to a nonsecure site while dealing with private financial information?
Further inspection of the URL reveals a prototypical phishing technique: the link redirects to a third-party site that is not hosted by the FDIC. Remember that a URL can be copied from an e-mail into a web browser and examined before following any links provided.
• Download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage
Why would the FDIC ask someone to download a file? That is also something that should be seen as suspicious.
Federal Deposit Insurance Corporation
This e-mail was signed by the "Federal Deposit Insurance Corporation" and did have an FDIC logo located at http://service.govdelivery.com/banners/USFDIC/usfdic.gif - some digging shows that this actually appears to be valid.
The link provided is a giveaway that the e-mail is a phishing attempt.
Another thing to look at when making the determination of whether an e-mail is legitimate or not is to look at the "message headers." In Microsoft Outlook, these can be found by right-clicking on the message and selecting "options." In this particular e-mail, the "Received From: " header was bd7b769f.virtua.com.br (bd7b769f.virtua.com.br [188.8.131.52] (may be forged)). The FDIC would never send an e-mail from a Brazilian IP address - or from any IP address not owned by fdic.gov.
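The header check described above can be automated. The following is an added example, not part of the original alert or any FDIC or TSB Bank tooling: it compares the relay named in each "Received" header with the domain of the "From" address and reports the "(may be forged)" note. The From address alert@fdic.gov, the host mx.example.net, the date, and the names check_relays and in_domain are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The Received "from" part is the value quoted above;
# the From address, the receiving host and the date are placeholders.
SAMPLE = """\
Received: from bd7b769f.virtua.com.br (bd7b769f.virtua.com.br [188.8.131.52] (may be forged))
\tby mx.example.net with ESMTP; Mon, 1 Jan 2001 00:00:00 +0000
From: "FDIC" <alert@fdic.gov>
Subject: FDIC has officially named your bank a failed bank.

You have received this message because you are a holder of a FDIC-insured bank account.
"""

# "from <HELO name> (<reverse-DNS name> [<IP>] ...)" as sendmail-style servers write it.
RECEIVED_FROM = re.compile(r"^from\s+(\S+)(?:\s+\((\S+)\s+\[([^\]]+)\])?", re.I)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_relays(raw):
    """Compare each relay named in the Received headers with the From domain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    # Headers are newest first: entry 0 was written by the receiving side,
    # later entries were supplied by earlier hops and can be made up by a sender.
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_FROM.match(value)
        if not m:
            continue
        rdns = m.group(2) or m.group(1)
        findings.append({
            "relay": rdns,
            "ip": m.group(3),
            "outside_from_domain": not in_domain(rdns, domain),
            # Added by the receiving server when the relay's name and IP do not match in DNS.
            "may_be_forged": "(may be forged)" in value.lower(),
        })
    return domain, findings

if __name__ == "__main__":
    domain, findings = check_relays(SAMPLE)
    for f in findings:
        print(domain, f)
```

The suffix test in in_domain requires a leading dot, so a host such as fdic.gov.example.net is not accepted as belonging to fdic.gov.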
TSB Bank will NOT send you an e-mail asking for your account or demographic information. If you ever feel that you have received a phishing message that purports to be from us, just contact us and tell us that you've had fraudulent e-mail in our name and we'll investigate what has happened.