Subject: |
Fraudulent E-mails |
|
Description:
|
Fraudulent E-mails Purportedly
from the FDIC or VeriSign, Inc. |
|
Date: February 23,
2007
|
TO: |
Chief Executive Officers of All National Banks; All State Banking Authorities; Chairman, Board of Governors of the Federal Reserve System; Chairman, Federal Deposit Insurance Corporation; Conference of State Bank Supervisors; Deputy Comptrollers (districts); Assistant Deputy Comptrollers; District Counsel and Examining Personnel
|
|
|
RE: |
Fraudulent E-mails Claiming to be from the FDIC or VeriSign and Requesting
Recipients to Run a “Security Guard Script”
The Office of the Comptroller of the Currency (OCC) has been informed by the
Federal Deposit Insurance Corporation (FDIC) that fraudulent e-mails claiming
to be from the FDIC or VeriSign are in circulation. The e-mails request
recipients to run a “security guard script” to secure Web sites. Currently, the
e-mails are purportedly from “FDIC Legal Information Technology,” “FDIC
Information Security,” or “Verisign Inc.” and the subject lines include the
phrase “Regular Security Maintenance” or “Regular Hosting Security
Maintenance.” The e-mails are fraudulent and were not sent by the FDIC or
VeriSign, Inc.
The fraudulent e-mails state: “to secure your websites, please use the attached
file and (for UNIX/Linux Based servers) upload the file “vprotect.php” in:
“./public_html” or (for Windows Based servers) in: “./wwwroot” in your site.”
The e-mails also provide instructions for recipients who “do not know how to
use” the file.
The FDIC is working with the United States Computer Emergency Readiness Team to
determine the exact effects of the executable file. Recipients should consider
this file to be a malicious attempt to collect personal or confidential
information. Financial institutions and consumers should NOT download the
executable file attached to the e-mails. Consumers and financial institutions
should report any similar situations by contacting the FDIC’s Cyber-Fraud and
Financial Crimes Section.
Any information or questions that you may have concerning this matter should be brought to the attention of:
|
Mail: |
Federal Deposit Insurance Corporation (FDIC)
Cyber-Fraud & Financial Crimes Section
550 17th Street, NW
Room F-4004
Washington, DC 20429
|
|
E-mail: |
alert@fdic.gov |
Additional
information concerning this matter that you believe should be brought to the
attention of the OCC may be forwarded to:
|
E-mail: |
occalertresponses@occ.treas.gov |
|
Mail: |
Office of the Comptroller of the Currency
Special Supervision Division, MS 6-4
250 E Street, SW, Washington, DC 20219
|
|
Fax: |
(202) 874-5214 |
|
Internet: |
http://www.occ.treas.gov |
/signed/
Richard C. Stearns
Director for Enforcement & Compliance
|
|
|