The Federal Deposit Insurance Corporation (FDIC) is warning consumers, businesses and financial institutions to be aware of fraudulent e-mails allegedly from, or related to, financial institutions that have been the subject of recent news stories. Phishing e-mails often incorporate aspects of high-profile news stories – such as bank mergers, acquisitions and failures – to create a sense of urgency and legitimacy for requesting information or action.
These types of fraudulent e-mails may request recipients to verify computer logon credentials, update personal information, or activate new online security features. The fraudulent e-mails may include a link that directs the recipient to a fraudulent or "spoofed" Web site that looks similar to the subject institution's legitimate Web site. Once there, users may be prompted to provide information about online banking credentials or other personal and confidential information that could be used to gain unauthorized access to online banking services or perpetrate identity theft. These spoofed Web sites may also direct the user to download software updates or digital certificates, which may actually be malicious code or software attempting to collect online banking credentials or other personal and confidential information.
Consumers, businesses and financial institutions should be wary of unsolicited e-mails purportedly from financial institutions recently in the news and take the following precautions:
- Do not follow Web links in unsolicited e-mails from apparent financial institutions. Instead, use Web browser bookmarks or type your institution's Web address into the browser address bar when accessing your bank's Web site or online banking services.
- Always use anti-virus software and ensure the virus signatures are automatically updated. Ensure the computer operating system and common software applications are up-to-date with security patches installed.
- Do not open unsolicited or unexpected e-mail attachments claiming to be from a financial institution because of the risk of malicious code or software. As a precaution, call the financial institution using an appropriate telephone number, such as one from an account statement, to validate the e-mail and attached file before opening any attachment.
- Be aware that phishing e-mails frequently use new and innovative ways to trick recipients into providing logon credentials and confidential information or into unleashing malicious code.
- Regularly review financial account statements and immediately report any discrepancies to your institution.
- Be mindful that financial institutions generally deliver notices to consumers in writing about changes in account terms and conditions unless the consumer previously agreed to receive the notice electronically.
Listed below is other information that may be useful to you.