he Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that appear to be from the FDIC and contain an infected attachment.
The fraudulent e-mails have addresses such as "email@example.com" or "firstname.lastname@example.org" on the "From" line. The message appears, with spelling and grammatical errors, as follows:
Subject line: "FDIC notification"
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.
As soon as it is setup, you transaction abilities will be fully restored.
Best Regards, Online Security departament, Federal Deposit Insurance Corporation."
The e-mails contain an attachment "FDIC_document.zip" that will likely release malicious software if opened. These e-mails and attachments are fraudulent and were not sent by the FDIC. Recipients should consider these e-mails an attempt to collect personal or confidential information, or to load malicious software onto end users' computers. Recipients should NOT open the attachment.
Financial institutions and consumers should be aware that these fraudulent e-mails may be modified over time with other subject lines, sender names, and narratives. The FDIC does not directly contact consumers, nor does the FDIC request bank customers to install software upgrades.
Information about counterfeit items, cyber-fraud incidents, and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 3501 North Fairfax Drive, CH-11034, Arlington, Virginia 22226, or transmitted electronically to email@example.com. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
New Computer Virus May Prompt Online Fraud Attempt Please be on the lookout for a new computer virus that may be on your computer. This virus may cause a fraudulent screen to appear in the online Bill Payment window. The screen posts messages that attempt to trick you into providing sensitive information such as your account numbers and passwords - information the bill payment system already knows and you should not provide again.
If you are using online Bill Payment and a new screen appears out of context asking you to provide sensitive information, do not provide this information!
Currently, our information maintains that this virus affects only the Bill Payment area. If you have not yet updated your computer with Multiple Factor Authentication, you may be asked to provide answers to three questions of your choice. These three questions are not caused by the virus and are designed to protect you from online fraud. If you have any doubts or concerns about online fraud, or the validity of a particular screen, please call your Private Banker before entering any sensitive information at 312.280.0360.
At Delaware Place Bank, we know how important the security and confidentiality of your personal information is to you. At Delaware Place Bank, we protect your information on the internet with the utmost of care and the highest industry standards for online security, including Secure Socket Layer (SSL) to secure your online sessions. The following is a resource for you to use in keeping up to date with the latest methods hackers use to access your account.
Virus, Worms and Trojans A virus is a software program that copies itself and infects a computer without the user's knowledge. A virus can be harmless but annoying like installing pop-ups, but a virus can also be dangerous like deleting files from your computer. A virus is spread when the host file is sent to another destination.
A worm can spread itself to other computers without being transferred as part as a host. A Trojan (Trojan Horse) is a program that installs malicious software while under the disguise of doing something else.
Spyware Spyware is computer software that secretly downloads and installs itself on a computer and can do a number of functions, mainly collecting information that the user enters into the computer. Other functions are – controlling the computer such as installing additional software and redirecting web browser activity. Although some Spyware is not harmful to your computer, other Spyware can retrieve all your personal information and pass it on to third parties. Spyware can greatly affect the performance of your computer.
Adware Computer software that secretly downloads itself to a computer and runs in the background. Adware's main function is to show the user advertisements, with or without the users consent.
Prevention The best way to prevent against Viruses, Spyware and Adware is to maintain an updated version of a personal firewall and anti-virus software on your computer. Anti-virus programs are widely available in shops and online.
Please note: Most personal firewalls will block Spyware/Adware and other known unwanted computer software packages.
Internet and Identity Theft Scams There are a growing amount of scams on the internet that involves the stealing of your identity. Scammers are using different methods to redirect users to 'fake' websites that do not belong to the company name that is on the website, but the fake webpage asks the user to enter their personal details.
The following are common terms used for internet and identity theft –
Phishing – A criminal activity using social engineering. A webpage is reproduced to look like the legitimate webpage, and illegally collects all information entered into the webpage.
Pharming – Is an attack that redirects a website to go to another bogus website, imitating the legitimate website and illegally retrieves personal information.
Vhishing – A criminal activity using social engineering over VoIP telephones. The criminal uses automated recordings to get a user to give non-public information over the phone.
Smishing – The user receives a SMS text message telling them to go to a website to confirm their subscription to a service. When visiting the website, a Trojan horse is downloaded to their computer.
1. If you receive unsolicited email that asks you directly, or through a website, for personal financial or identity information e.g. Social Security Number or passwords, you should use extreme caution and if in doubt, contact someone within the intended institution.
2. Always open a new web browser and type the web address into the address bar if you are going to input non-public information into a website. Sometimes you will get an email telling you to click on a link to access the website, this could be a spoof. If a website address is unfamiliar, then it probably isn't real.
3. Regularly monitor your bills and statements.
4. If you have any doubts about an e-mail or website, contact the legitimate company directly and ask them to verify the e-mail or address.
5. If you're a victim of any of the above, contact your local police department. You can also report identify theft with the FTC at the following website - http://www.ftc.gov/bcp/edu/microsites/idtheft/.
For more information, please refer to the Federal Trade Commission site at www.ftc.gov and the Federal Deposit Insurance Corporation at www.fdic.gov.
If you have suspicion about anything you find on the web that may purport to be from Delaware Place Bank, please contact your Private Banker immediately at 312.280.0360.