FDIC Phishing Emails

This has happened before, and it’s happening once again now.

People are getting email messages that claim to be from the FDIC (Federal Deposit Insurance Corporation). This is the entity that watches over banks and makes sure you don’t lose your money if your bank would fold. The credit union version is called the NCUA (National Credit Union Administration). They both provide nearly identical services.

These emails inform the potential victim that their bank has failed, and that they need to “check [their] Deposit Insurance coverage” by clicking on a link within the message. Naturally, what happens next is that the scammers obtain your account number, password, and other personal information.

You can only use typography to convey emphasis to a certain extent without getting silly, so in lieu of typing the following in 72-point text, I’ll let bold italics do the job:

The FDIC (or NCUA) is never going to contact you via email for any reason, nor will they ever ask you for personal information, account numbers or passwords.

Got it? As Tom Hulce’s Mozart, on his deathbed, pressed F. Murray Abraham’s Salieri in Amadeus, “Do you have it? Do you have it?!

Good. If you get one of these messages, delete it immediately.

Fraud Alert: FDIC warns of fraudulent emails

The following is the full text of an alert from the Federal Deposit Insurance Corporation (FDIC):

E-mail Claiming to Be From the FDIC – October 26, 2009

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC.

The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.”

The e-mail then asks recipients to “visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage” (a fraudulent link is provided). It then instructs recipients to “download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage.”

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

Yet another reminder that you should never follow links in unsolicited email messages, especially those telling you to log in to something. Even if you had an account at a failed bank, the FDIC would have no way of knowing your email address.