To determine if it's spam, look for these two things:
1. The message will have one of these two subject lines:
- FDIC has officially named your bank a failed bank
- You need to check your Bank Deposit Insurance Coverage
2. The return e-mail address is consumeralerts@fdic.gov, which is a real e-mail address used by the FDIC, but this one has been forged.
WHO is reading your e-mail? Find out how little e-mail privacy you have at work.
Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham, says that once the message is opened the spam asks users to visit a specific Web site, a link to which is included in the message. Those that follow the link are taken to a page that asks them to click and download a copy of "your personal FDIC insurance file." Warner warns, "Unfortunately, anyone who clicks that download link will be downloading a version of the Zeus Bot virus, which has the capacity to steal bank passwords and other financial and personal information."
If you want to keep your job, never ever send one of these seven e-mail messages from work.
"The cyber criminals behind this spam have gone to great lengths to mimic the logos and look of FDIC communications, including going so far as to forge an official FDIC e-mail address in an effort to confuse consumers into following links and downloading harmful programs," Warner says. "As is the case with any agency or company e-mail, do not follow links or click downloads embedded in the messages. Instead, visit the site in question through your Web browser and log in as you normally would. If an entity has an important message for you, you'll be able to find it on its Web page. Legitimate companies will never ask you to download programs or enter your personal information via an e-mail."
What do you think? Take the What's New poll to the right!
