Cyber criminals are using fake messages claiming to be from the Federal Deposit Insurance Corporation (FDIC) to deliver a virus capable of stealing unsuspecting victims’ bank passwords and other sensitive personal information, says Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham (UAB).
Warner says the spam is being delivered with one of two subject lines:
FDIC has officially named your bank a failed bank
You need to check your Bank Deposit Insurance Coverage
Warner says that once the message is opened, the spam asks users to visit a specific Web site, a link to which is included in the message. Those who follow the link are taken to a page that asks them to click and download a copy of “your personal FDIC insurance file.”
“Unfortunately, anyone who clicks that download link will be downloading a version of the Zeus Bot virus, which has the capacity to steal bank passwords and other financial and personal information,” Warner says.
I know this is nothing new to many of our regular geek readers. Just offering the latest tale of social engineering so you can pass it along to your more gullible kith and kin.
Typically, these creeps are sending these emails out just after banking hours close on a Friday. No way to phone your bank to see if everything is OK – though, I’d think you would know something about who you’re banking with, eh?
This way, people have two days over the weekend to get nervous and pull the trigger.