Each depositor insured to at least $250,000 per insured bank



Home > News & Events > Special Alerts




Special Alerts

SA-264-2006
September 13, 2006


TO: CHIEF EXECUTIVE OFFICER (also of interest to Security Officer)
SUBJECT: Fraudulent E-Mail Claims to Be From the FDIC
Summary: E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should install software that was developed by the FDIC and other agencies. The software may be a form of spyware or malicious code and may collect personal or confidential information.

The Federal Deposit Insurance Corporation (FDIC) is aware of e-mails appearing to be sent from the FDIC that are asking recipients to install unknown software on personal computers. Currently, the subject line of the e-mail includes the phrase "Urgent Notification - Security Reminder." The e-mail is fraudulent and was not sent by the FDIC.

The fraudulent e-mail describes "a small client utility"—referred to as "ProBank"—that recipients are asked to install on home and business computers. The e-mail claims:

"...this utility only starts whenever an online session is opened with a Financial
Institution insured by the FDIC, thus it will never interfere with any programs installed
on your computer. Please help us combat fraud by installing, ProBank on any computer
that is used to open an Online Banking session."

The e-mail requests that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

Financial institutions and consumers should NOT access the link or download the executable file provided within the body of the e-mail.

The e-mail also asks financial institutions to "advertise and market the ProBank's existence to employees, suppliers, third-party service providers and customers." Financial intuitions should NOT advertise the existence of the software. Rather, they should educate customers and staff about the existence of these and similar phishing e-mails.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.

For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2006/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.

Sandra L. Thompson
Acting Director
Division of Supervision and Consumer Protection

Distribution: All FDIC-Insured Institutions

NOTE: Paper copies of FDIC Special Alerts may be obtained through the FDIC's Public Information Center (1-877-275-3342).




Last Updated 9/13/2006 communications@fdic.gov