Tag Archive | "Phishing"

RapidShare.com, The phishing begins…

A few weeks ago, M86 Security Labs discovered a way to make RapidShare.com itself display a phishing message. As most of you probably know, RapidShare is one of the largest file-sharing websites, with thousands of users worldwide.

While trying to download a file from RapidShare.com we encountered an error message indicating that the servers were busy.

We looked at how the error message is produced and found that the “downloaderror” fields in the URL are not validated: the text shown on the page is taken directly from the link.

Below is the original error message from RapidShare:

RapidShare.com Error message – Too many users downloading…

In the following screen, we see a fake phishing message that offers users the opportunity to buy a premium account for RapidShare:

RapidShare.com Fake Error message

A closer look:

For further information, see this demo link:

http://rapidshare.com/#!downloaderror|3|623624|test.avi|723|Too%20many%20users%20downloading%20from%20this%20server%20right%20now.%20Please%20call%201-800-555-fake-premium%20or%20email%20your%20Credit%20Card%20to%20fake@premiumfake.com%20to%20get%20a%20premium%20account%20for%20only%209.95$ %20a%20month%20!!!

In addition, we can control all of the “downloaderror” fields, for example the folder ID (623624), the file name (test.avi) and, of course, the error message itself.

This lack of input validation lets attackers create phishing pages that are served under RapidShare.com's own domain, with a genuine rapidshare.com URL in the address bar. A user who receives an email or link to such a page could unknowingly hand credit card information to the attacker, either by email or over the phone. Note that everything after the # is a URL fragment, which the browser never sends to the server; the page's own script reads it, so the injected text cannot be filtered or logged server-side.
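As an added illustration (not code from the M86 post, and not RapidShare's own implementation), the following Python sketch models the behaviour described above: a client-side “download error” page assembled from the pipe-separated fields after `#!downloaderror`, first the way the post describes it (every field, including the free-text message, is copied into the page) and then a hardened variant that maps the numeric error code to a server-owned message, validates the folder and file name, and never renders the free-text field. The fragment layout and field order are assumed from the demo link; the host `rapidshare.example`, the link and the error texts below are constructed.

```python
import html
import re
from urllib.parse import unquote

# Server-owned text per error code: the only message a hardened page may show.
ERROR_MESSAGES = {
    "3": "Too many users are downloading from this server right now. "
         "Please try again later.",
}
GENERIC_ERROR = "The download could not be started. Please try again later."
FILENAME_RE = re.compile(r"^[A-Za-z0-9._ -]{1,128}$")


def parse_download_error(url):
    """Split a '#!downloaderror|code|folder|filename|size|message' fragment
    into percent-decoded fields; None if the fragment is something else.
    (Field order is an assumption taken from the demo link in the post.)"""
    if "#" not in url:
        return None
    parts = url.split("#", 1)[1].split("|")
    if parts[0] != "!downloaderror" or len(parts) < 6:
        return None
    code, folder, filename, size, message = (unquote(p) for p in parts[1:6])
    return {"code": code, "folder": folder, "filename": filename,
            "size": size, "message": message}


def render_vulnerable(url):
    """The pattern the post describes: every fragment field, including the
    free-text message, is copied into the page, so whoever crafts the link
    writes the text the visitor sees under the site's own domain."""
    f = parse_download_error(url)
    if f is None:
        return ""
    return (f"<p>Error downloading {f['filename']} (folder {f['folder']}): "
            f"{f['message']}</p>")


def render_hardened(url):
    """Hardened variant: the message comes from the error-code table, the
    folder must be numeric, the file name must match an allowlist and is
    HTML-escaped, and the free-text field in the link is never rendered."""
    f = parse_download_error(url)
    if f is None:
        return ""
    message = ERROR_MESSAGES.get(f["code"], GENERIC_ERROR)
    folder = f["folder"] if f["folder"].isdigit() else "unknown"
    name = f["filename"] if FILENAME_RE.match(f["filename"]) else "the file"
    return (f"<p>Error downloading {html.escape(name)} (folder {folder}): "
            f"{html.escape(message)}</p>")


# Constructed link in the shape of the demo URL from the post (not the original).
PHISH_LINK = (
    "http://rapidshare.example/#!downloaderror|3|623624|test.avi|723|"
    "Too%20many%20users%20downloading.%20Please%20call%201-800-555-fake-premium"
    "%20or%20email%20your%20Credit%20Card%20to%20fake@premiumfake.com"
)

if __name__ == "__main__":
    print(render_vulnerable(PHISH_LINK))   # attacker text appears verbatim
    print(render_hardened(PHISH_LINK))     # fixed message, attacker text gone
```

Because the fragment never leaves the browser, a fix like this has to live in the page's JavaScript; the Python only models that logic so it can be tested. The important design choice is that the hardened version does not sanitise the attacker's message, it ignores it: a fixed table keyed by error code is what stops link-crafting from turning the site's own domain into a lure.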

We contacted RapidShare.com regarding this subject and received a response from the RapidShare Abuse team assuring us that they have fixed the issue.

Posted in Security

Another Facebook phishing scam run

Phishing scams on Facebook. It’s not new and it’s not sophisticated. But they still catch the unwary and they’re still happening now, with only minor tweaks in tactics.

At the end of 2010, we saw a run of phishing scam links being sent around via the chat feature. We’re seeing a new run at the moment. The following links are sent (from hijacked accounts) through chat messages and posts on the Walls of randomly selected friends:

• http://apps.facebook.com/dealscentral[...]/dsuguo[...]/
• http://apps.facebook.com/reallytimeto[...]/
• http://apps.facebook.com/backseatdriver[...]/
• http://apps.facebook.com/fishingfor[...]/

The links look like they would go to an App, but they just take the user to pages that look like the real Facebook log-in page:

[Screenshots: fb_phishing_chat_feb2011 and fb_phishing_chat_feb2011_2, the fake Facebook login pages]

Obviously, those page URLs aren’t legit.

Nothing fancy here, but stay alert and stay safe anyway. This looks to be a small scam run at the moment; it would be nice if it died out quickly. At the time of writing, the first phishing link listed above is no longer active, but the others still work.

You can read more about phishing scams, or report a suspected scam, at the Facebook Phishing Scam Awareness page.

(Shantini, F-Secure)

Posted in Antivirus, F-Secure, Featured

Massive Phishing Attacks Strike Bank of China Users

We have noticed a lot of SMS-based web-phishing attacks in China targeting Bank of China’s online-banking users. Customers receive a phishing SMS designed to look like a reminder from the bank: “Dear user, your token has expired, please visit http://www.boc**.com to reactivate your token.” The URL resembles the bank’s official website but points to a phishing site that closely imitates the real one.

 

On this bogus phishing website, there is a button on the top right that says “Upgrade your token.”

 

Once the user clicks this button, they are taken to a page that looks like the normal online-banking login page. The criminals capture everything they need to move money out of the victim’s account: user ID, password and the current token code.

 

This information is used immediately, to transfer the victim’s money to the attacker’s account before the captured token code expires.

 
 

Many technologies, tokens, certificates, dongles and so on, are designed specifically to protect against phishing. But a token code only proves that it was generated by the customer’s device; it does not stop the customer from typing that code into a phishing page, and the attacker can use it for as long as it remains valid. So even though Bank of China uses tokens to enhance security, customers still need to take care to avoid this type of phishing attack.
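An added example (Python, constructed; not from the McAfee post and not Bank of China’s actual token scheme) of why a plain one-time code can be phished in real time and what a transaction-bound code changes. The seed, account names and amounts are made up; the truncation follows HOTP (RFC 4226) but widened to 8 digits, and the “bound” scheme is a generic transaction-signing construction, not any particular vendor’s.

```python
import hashlib
import hmac

# Constructed per-customer seed (what the bank would provision into the token).
TOKEN_SEED = b"example-seed-provisioned-into-the-customer-token"
STEP = 60          # seconds per code window
DIGITS = 8


def _truncate(mac):
    """Dynamic truncation as in HOTP (RFC 4226), widened to 8 digits."""
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**DIGITS:0{DIGITS}d}"


def _window(now):
    return int(now // STEP).to_bytes(8, "big")


def plain_otp(seed, now):
    """Time-based code: proves possession of the token, nothing else."""
    return _truncate(hmac.new(seed, _window(now), hashlib.sha1).digest())


def bound_otp(seed, now, beneficiary, amount_cents):
    """Transaction-signing code: the token mixes in the beneficiary and amount
    the customer typed into it, so the code is only valid for that transfer."""
    msg = _window(now) + f"{beneficiary}:{amount_cents}".encode()
    return _truncate(hmac.new(seed, msg, hashlib.sha1).digest())


def bank_accepts_plain(seed, now, code):
    return hmac.compare_digest(plain_otp(seed, now), code)


def bank_accepts_bound(seed, now, code, beneficiary, amount_cents):
    return hmac.compare_digest(bound_otp(seed, now, beneficiary, amount_cents), code)


def relay_attack(now):
    """The flow from the post: the victim types user ID, password and the
    current code into the fake 'upgrade your token' page; the attacker submits
    a transfer to his own account within the same window.
    Returns (attacker succeeds against plain OTP, against bound OTP)."""
    # Plain OTP: the captured code is exactly what the bank expects to see.
    captured = plain_otp(TOKEN_SEED, now)
    plain_ok = bank_accepts_plain(TOKEN_SEED, now, captured)

    # Bound OTP: the victim's token signed what the victim saw (here a
    # zero-amount 'reactivation' for their own account); the bank recomputes
    # the code for the attacker's beneficiary and amount, and it does not match.
    captured = bound_otp(TOKEN_SEED, now, "VICTIM-OWN-ACCOUNT", 0)
    bound_ok = bank_accepts_bound(TOKEN_SEED, now, captured,
                                  "ATTACKER-ACCOUNT", 500_000)
    return plain_ok, bound_ok


if __name__ == "__main__":
    print(relay_attack(1_700_000_000))   # (True, False)
```

The bound variant only helps if the token itself shows the customer the beneficiary and amount it is signing; otherwise the phishing page can simply ask the customer to “sign” the attacker’s transfer. That display, not the HMAC, is what makes a relayed code useless.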

Posted in McAfee


Steam phishing targets video game players

Steam, the world’s largest online gaming platform, is increasingly being targeted by phishers trying to steal credentials from its 30 million users.

If you’re not familiar with Steam, just imagine something like iTunes – but for PC and Mac video games.

If you’re interested in digitally downloading video games for your computer, Steam is likely to be your destination.

Steam's website

Phishing attacks against Steam users are nothing new – they’ve been around for a couple of years – but as more and more users jump onto the Steam bandwagon (train?) phishers have greater chances of success.

Here’s one example of a Steam phishing email, sent to an email address that has never registered for a Steam account:

Steam phishing email

Subject: Warning! Your steam account will be suspended?

Although the link appears to point to the real Steam website, the HTML behind it actually directs you to a phishing site. Our spam researchers had a wry smile when they spotted that the email was sent on 15 February and yet claims that Steam accounts will be closed if the users don’t respond by 11 February.

Just as we’ve seen a black market for stolen iTunes accounts, so Steam accounts have a monetary value too.

So, don’t be trigger-happy: always think before you click on that link. And if you use the same password on Steam as on other websites, you could be handing cybercriminals more than just the keys to your games cupboard.

Valve, the company behind Steam, has published advice on how to secure your Steam account which users would be wise to read.

Posted in Sophos

Chinese phishing sites: stocks and government lottery

I find Chinese phishing sites particularly interesting. For starters, they don’t seem to attract too many security researchers. I have found that very few Chinese sites are blocked by Phishtank or Google Safe Browsing. Additionally, the type of phishing is very different from what we see in the US or other Western countries. While sites related to banking (PayPal, Bank of America, J.P. Morgan, etc.) are the primary targets of phishers overall, Chinese phishing sites are mainly focused on QQ (instant messaging, online games, etc.) or Yahoo! Auctions.

Recently I found two Chinese phishing/scam sites: a site about stocks from Shanghai Huaer Securities, and a government lottery. These two types of sites use a large number of pages with an IFRAME displaying the main site, and both follow a similar layout. The domain names are registered to different people, so the phishers may not be affiliated.

Shanghai Huaer Securities

This site claims to be a stock trading company for the Shanghai Securities market.

Shanghai Securities trading site.

The main site is hosted on huaerzq.com. The “Add to Favorite” links do not use the same domain; they go through a short link (http://www.goo.gl/YebPW) which redirects to huaer88997766.now.to, which is simply an IFRAME of huaerzq.com.

There are many now.to sub-domains which display this website:

soso112233.now.to
huaer88997766.now.to
hua123567000.now.to
hua88899900.now.to
gugu99889988.now.to
gugu001122.now.to
lang123123.now.to
gugu6677.now.to
168.hua8899.now.to
soso9988.now.to
gugu8899.now.to
33223388.now.to

Government lottery

The second type of site claims to be a Government lottery. Proceeds are purported to help the kids you see on the right side. I found two slightly different versions of this site.

Fake government lottery

This site is hosted on these domains:

www.330069.com
55882.co.cc
55571.co.cc

And the following domains contain an IFRAME to one of the sites above:

797.feels3.de
90.ezpagez.com
www.66797.co.cc 

These sites are not blocked by any popular phishing blacklist that I am aware of, and will therefore likely stay up for some time.

– Julien

Posted in Security


Phishing Attacks Target Twitter Users

A new attack on Twitter users has been arriving as spam with a phishing link. It appears as a notification about an unread message from Twitter Support with a subject line such as “Twit 73-923.” The ending number can vary. The body of the message includes “You have [some number of] delayed message(s) from Twitter” and a link to a phishing site.

[Screenshot: Twitter phishing email]

If you receive one of these emails, make sure to check where the link points to before clicking on it. To visit a page such as this (or any page even), it’s much safer to manually type the web address instead of clicking a link in an email. Links can easily be faked!

[Screenshot: another Twitter phishing email]

Users without protection who click on any of these links could infect their PCs or reveal their Twitter credentials.

We recommend you take advantage of either or both of McAfee’s TrustedSource™ reputation system and SiteAdvisor Technology to protect yourself against malicious phishing attacks and the sites that host them.

[Two further screenshots of the Twitter phishing emails]

Tweet, search and surf safely out there!

View full post on McAfee Avert Labs

Posted in Antivirus

How to Defend Against the Super Bowl’s Malware Blitz

The days leading up to mass media events like the Super Bowl are prime time for cybercriminals. This year’s Super Bowl, to be played between the Green Bay Packers and the Pittsburgh Steelers on Feb. 6, is especially lucrative for criminals who want to take advantage of the popularity of the teams involved.

Steelers fans are known for traveling to games all over the country and for purchasing as much merchandise as possible. Cybercriminals will try to take advantage of this fan loyalty with phishing schemes offering cheap tickets, accommodations and game merchandise.

But phishing is only one method the cybercriminals use to make their attacks. Leading into Super Bowl Sunday, they will use methods such as search-engine poisoning to push infected websites to the top of any online search involving the game or players.

After the game, expect social engineering to kick in, as malicious Web links will appear to come from friends, suggesting visits to YouTube to watch great plays from the game or replays of commercials.

“Telling the difference between a legitimate site and a malicious site can be very difficult,” explained Mark Maciw, web product manager at the U.K.-based Web and e-mail security company Clearswift. “They can look identical and even contain some of the content which is derived from the original and legitimate site, such as images.”

Clicking on a link sent via spam or found in a poisoned web search can silently download a Trojan or other malicious software to your computer. Since the goal of a cybercriminal is to steal financial and other personal information, clicking on a link for super-cheap tickets to the game could end up wiping out your bank account.

“If you hold the mouse over the link in an e-mail, without clicking, then the destination URL may be shown in what’s called the ‘mouseover’”, Maciw said. “Check this link: does it match the link shown in the e-mail, and does it look like the URL for the site you’d expect? If not, then be suspicious again.

“Also, look carefully at the URL in the mouseover,” he added. “Even if it appears to be the legitimate site, be careful because just one extra character, or changed character, can take you somewhere else completely different.”

Maciw also provided these tips for keeping safe during Super Bowl week:

— Always install the latest patches to your operating systems and applications; these will often include security updates.

— Always install desktop anti-virus software, and keep virus signatures up to date.

— Companies need to ensure that their security includes spam and URL filtering, as firewalls and antivirus systems or software are not sufficient.

— Employers should also show employees sensible precautions to take and how to avoid the obvious traps. As the boundaries between work and home become blurred, it helps employers if employees are security-savvy.

The best way to protect yourself? Maciw said it’s best to always be wary and not trust everything on the Internet. If a link is sent by a friend, double-check and ask yourself if the message containing the link is legitimate. Not everyone knows if his or her site has been compromised.

Posted in Security

Phishing Attack on PayPal Italy

We are monitoring a phishing attack directed at the customers of PayPal Italy. The email is very long and explains to the reader why it is important to click the link and answer the survey. As usual for this kind of email, the subject states that the user is required to take action immediately.

Another interesting fact about this attack is that the email appears to be sent from paypal.lt (Lithuania). Opening the paypal.lt domain in a browser redirects to paypal.com and then on to the final target, http://www-paypal-deutschland.de. PayPal never seems to learn from experience: as long as a business uses more than one domain, it creates confusion and practically invites fraudsters to take advantage of it.

The fake PayPal website looks different than the real paypal.it website (on paypal.it/ricarica), which might be because the screenshot was taken at a different point in time.

We would like to remind our readers never to click on links in (unexpected) emails. If you have to visit a web shop or the website of a financial institution, please make sure you type the URL by hand instead of clicking links in an email!

Sorin Mustaca
Data Security Expert

Full story: Avira – TechBlog

Posted in Antivirus

Paypal phishing attempts in German

Paypal phishing attempts in English speaking countries are very successful. The fraudsters seem to assume that this success also applies to the German speaking audience and started many phishing campaigns with phishing mails written in German. Unfortunately for them, the emails use very bad German concerning both the terms used and the grammar – most of the time, the message remains meaningless. The translation is probably performed with an automatic translation tool based on an English source.

However, sometimes I have the feeling that they are making fun of the users. In the first screenshot of such an email, at the end of the email it is written: “Bundesland der Prüfung der Konten von Paypal”. Freely translated, this would mean: “The federal province of checking the accounts of Paypal”.

It is clear that international phishing adapted to the German language still has a long way to go to become a “productive business”. However, we are also seeing other phishing attacks which are much better crafted and might fool some users.

No matter how badly or well written these emails are, we want to warn our readers never to click on the links, because they might also lead to malware.

Sorin Mustaca
Data Security Expert

Full story: Avira – TechBlog

Posted in Antivirus

HM Revenue & Customs phishing emails

MX Lab, http://www.mxlab.eu, is intercepting tax refund phishing emails with the subject “FORM SAT-19287″ and an attached HTML webpage.

The emails are sent from the spoofed email address xxx and have the following body:

Preston
PR1 0SB
United Kingdom

FORM SAT-19287
Tax Refund Amount: 465.24

Dear Applicant,

You are eligible to receive a tax refund of 465.24, after calculation of your fiscal activity. Your verification form will only be valid only for 24 hours and for verification your details you have the tax file number (TFN): 692553841 (See the tax privacy note in the Taxpayer’s declaration on page 8 of your tax refund).

Please complete the individual tax refund 2010-2011, “FORM SAT-19287″ attached to this confidential message. After completing the form allow us 5-9 business days in order to process it.

Sincerely,
HM Revenue & Customs
service@hmrc.gov.uk

Attached to the emails is the file SAT-19287.PDF.html, which opens in a browser (note the double extension, which makes an HTML file look like a PDF). Once opened, it shows the following web form.

As you can see, the form asks for your personal details and also for your credit card details, supposedly so that the tax refund can be transferred.

Looking at the HTML source code, the layout and images are taken directly from the http://www.hmrc.gov.uk/ web site. The form data itself is posted to hxxp://GoldCoastApartment.org/wp-includes/wp-vars.php, a path inside a WordPress installation, which suggests a compromised site. After submitting the data you are redirected to the real HM Revenue & Customs web site.
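The three tells described on this page, a link whose visible text names one site while its href goes to another (the Steam email, and the “mouseover” check in the Super Bowl piece), pages that are nothing but an IFRAME around another site (the now.to mirrors of huaerzq.com), and a form that posts somewhere other than the brand it imitates (the HMRC form above), can all be checked mechanically. The Python below is an added example, not code from any of the quoted blogs; the HTML samples, brand list and host names it runs on are constructed to match the cases described, and `registrable()` is a deliberately crude stand-in for a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a host name inside visible link text.
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def registrable(host):
    """Crude eTLD+1 (last two labels); fine for .com/.net/.org samples,
    wrong for ccSLDs such as .co.uk; a real scanner uses the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url):
    return (urlparse(url).hostname or "").lower()


class Collector(HTMLParser):
    """Collect anchors (visible text, href), iframe src values, form actions,
    and how much visible text sits outside anchors."""

    def __init__(self):
        super().__init__()
        self.anchors, self.iframes, self.forms = [], [], []
        self.other_text = 0
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "form":
            self.forms.append(a.get("action") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
        else:
            self.other_text += len(data.strip())

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append(("".join(self._text).strip(), self._href))
            self._href = None


def findings(html_doc, brand_hosts, page_host=None):
    """Return (kind, detail) tuples for each suspicious construct found."""
    c = Collector()
    c.feed(html_doc)
    c.close()
    out = []
    for text, href in c.anchors:               # Steam email / mouseover check
        m = HOST_IN_TEXT.search(text)
        shown = registrable(m.group(1)) if m else ""
        actual = registrable(host_of(href))
        if shown and actual and shown != actual:
            out.append(("link-text-mismatch", f"shows {shown}, goes to {actual}"))
    for src in c.iframes:                      # now.to mirror pages
        target = registrable(host_of(src))
        if (target and page_host and target != registrable(page_host)
                and c.other_text == 0):
            out.append(("iframe-wrapper", f"{page_host} only frames {target}"))
    for action in c.forms:                     # HMRC refund form
        target = host_of(action)               # full host: hmrc.gov.uk must not collapse to gov.uk
        if target and not any(target == b or target.endswith("." + b)
                              for b in brand_hosts):
            out.append(("form-offsite", f"form posts to {target}"))
    return out


# Constructed samples (not the real emails or pages), shaped like the cases above.
BRANDS = {"steampowered.com", "steamcommunity.com"}
STEAM_EMAIL = ('<p>Warning! Your account will be suspended. Log in at '
               '<a href="http://steam-verify.example.net/login">'
               'http://steampowered.com/login</a> to keep it.</p>')
LEGIT_EMAIL = ('<p>Visit <a href="https://store.steampowered.com/">'
               'store.steampowered.com</a> today.</p>')
MIRROR_PAGE = ('<html><body>\n<iframe src="http://huaerzq.com/" width="100%" '
               'height="100%"></iframe>\n</body></html>')
HMRC_FORM = ('<form method="post" action="http://GoldCoastApartment.org/'
             'wp-includes/wp-vars.php"><input name="card_number"></form>')
LEGIT_FORM = '<form action="https://online.hmrc.gov.uk/refund"><input name="x"></form>'

if __name__ == "__main__":
    for label, doc, brands, host in [
        ("steam email", STEAM_EMAIL, BRANDS, None),
        ("legit email", LEGIT_EMAIL, BRANDS, None),
        ("now.to mirror", MIRROR_PAGE, set(), "huaer88997766.now.to"),
        ("HMRC attachment", HMRC_FORM, {"hmrc.gov.uk"}, None),
    ]:
        print(label, findings(doc, brands, host))
```

The link check compares registrable domains so that `store.steampowered.com` shown as `steampowered.com` is not a false positive; the form check compares full hosts against the brand’s own domains, since `hmrc.gov.uk` would otherwise collapse to `gov.uk`. Relative form actions are skipped as same-origin; a scanner run on a saved attachment should resolve them against the file’s origin first.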

On the official HM Revenue & Customs web site you can also read a warning regarding fraudulent and phishing emails.

Full story: mxlab – all about anti virus and anti spam

Posted in Security


Elementary Gmail phishing

Cybercriminals are regularly presented as twisted geniuses by the popular media, beavering away in dank basements constructing the latest malware to mess up critical national infrastructure or honing code to break into bank accounts and steal millions.

The truth is, of course, often somewhat less dramatic. The simple truth is that you don’t need to build a sophisticated attack to trick the typical computer user into clicking on a dangerous link or attachment. You just need to dress it up as something alluring (a naked video of Natalie Portman or a bill for an air ticket you never purchased would probably do the job, for instance).

And sometimes, you just need to ask users a question with a straight enough face. If you’re bold and brazen enough, you might just get away with it.

Take this elementary phishing attack that was seen by a Naked Security reader late last week, for instance.

Gmail phishing email

Yes, there are typos and inconsistencies in the way words are spelt in the email, and anyone who pauses to breathe before responding hopefully realises that the one thing Gmail should be able to tell is whether your email account is active or not. All they have to do is see when you last logged in or read an email, right?

But there will be a small percentage of the public, perhaps those who are not as IT-savvy, who might worry that they will lose access to their precious Gmail account and respond without thinking.

It’s easy to say that people who fall for an elementary phishing attack like this deserve everything they get, but I find that opinion rather hard-hearted. We should all ensure that friends and family who might be vulnerable – even to unsophisticated attacks like this – are briefed about the threats and helped to avoid them.

Full story: Naked Security – Sophos

Posted in Sophos

Multilingual Paypal phishing

We don’t see a phishing attack executed simultaneously in two languages every day, but we recently saw one in English and French at the same time. This time the fraudsters didn’t even bother to change anything in the email: the text is translated word for word into French, and even the so-called Reference Number is the same. The only difference is how the link to the phishing site is presented: the French version has a button which redirects to the fake website, while the English version uses a spoofed URL.

The email creates pressure upon the victim via some kind of urgency by using classical constructions like “this is the last reminder to log in” and so on. Both emails were sent by bots distributed all over the world.

We would like to remind our readers that no matter how good and credible the email looks, you shouldn’t click on the links in it. Users of the Avira products containing AntiSpam and WebGuard are safe: the emails in both languages are detected as phishing and the URLs are blocked.

Sorin Mustaca
Data Security Expert

Full story: Avira – TechBlog

Posted in Antivirus

Identity Sharing… Multi-component phishing attempt?

I am going to Turkey. Yes! Yes!! Yes!!! I won!!!! But eh… Wait a minute? I did not even know I participated in a lottery!?!?!

How it all started…

As I own some domains, I can create an almost infinite number of e-mail addresses, and I regularly do so. Every time I visit a website for which I have to register and I’m not sure I will be back, I generate one unique e-mail address. There are other occasions on which I generate these, like when I leave an address in a shop, as I did last Saturday. After purchasing something in a small local computer shop I could leave my e-mail address to receive the occasional e-mail with promotions from them. Normally I would not do that, but this time I did, and when I returned home I generated the e-mail address.

To my surprise, on Saturday-evening I received this e-mail on that address:

The subject is in Dutch, the rest in German. I won a “free” wellness holiday to Turkey for 4 persons, worth 1496 Euro, with lots of things included. Interesting, as there is even a price guarantee for this “free” holiday. As the e-mail has my own unique number “SKY22111”, I suddenly felt the urge to see what would happen.

If you click on the link in the e-mail, you will go to http://www.skytraveltours.net, which links to http://www.889977.net and eventually ends at http://www.wellnesstuerkei.net. And that is the real website (even all buttons on the website reference the last domain), why all this redirection? Obfuscation? Usually it means there is something to hide!

I went to the website and filled in the details:

I did not bother to enter the right unique number, I suspected any number would do and I was right. Although I won a trip for 4 persons, I could only enter 2 persons.

So I did get a confirmation e-mail.

My “free” holiday suddenly starts to cost money: a 49 Euro handling fee per person. For what? I did all the work. I am sure that in the end there is something that would cost me even more money if I went on this trip. I reckon this is one of those scams.
On the other hand, this could be an interesting multi-component phishing attempt. They got my e-mail address; by offering me this “free” holiday they tempted me to go to this website, where I willingly filled in all my personal data. If I had entered real personal data they would know a lot more about me. And as the confirmation e-mail said, a letter would be sent to me with the invoice for my “free” trip. If I paid the invoice, they would even have my bank account number (besides 98 Euro).

And what has this to do with the item I bought in a local computershop? Absolutely nothing. One thing is for sure, they did "use" my e-mail address rather quickly, or at least the employee I handed it to. I must go back to the computershop and have a little chat with the owner :-)

This blog must have a moral, so here we go.

This of course illustrates how easily people will (mis)use your submitted information. In this case it was a harmless e-mail address, but it could be other, more private, data. As usual, Norman advises you to be extremely careful when you hand over personal information. Even if it seems innocent, your data can be (mis)used instantly. And if you won a lottery you did not even know you had entered: when something seems too good to be true, it usually is!
 

Full story: Norman’s security blog

Posted in Antivirus

Facebook Security Spoofed, Used for Phishing

Facebook Security is the official Facebook page that the site uses to provide user-friendly security information that is particularly relevant to its users. However, it is now being used in phishing attacks.

Spammed messages purportedly from Facebook Security are being sent to Facebook users. According to the message, the user’s account has been found to be suspicious and has been blocked, because it was either accessed from an unknown location or was abused. The message then asks the user to verify and unblock the account by going to a site that turns out to be a phishing page:

Another way users are targeted is via fake Facebook Security profiles. Many profiles have been registered under the name “Facebook Security” with diacritic marks inserted into the letters.

As in this case, be careful about opening messages and websites even when they supposedly come from official sources such as Facebook Security. The messages and websites contained several glaring errors in grammar and punctuation, a common trait of phishing attacks in general and something that should warn users that the site they are visiting is not legitimate.

Full story: TrendLabs | Malware Blog – by Trend Micro

Posted in Antivirus

Cartasi Italy under heavy phishing attack

We are currently observing an attack with different phishing emails and websites, targeting the customers of the Italian bank Cartasi.

We have spotted 4 different phishing attacks, 3 of them using the classical technique of faking the target URL (pictures 1-3) and one using social engineering (picture 4). The last one tempts the user to access his or her account in order to receive a 150 EUR loyalty bonus. To make the effect realistic, a sense of urgency is created by stating in the email that the account has to be accessed within 48 hours of receiving it.

All emails we received are being sent from bots around the world, containing also some fake headers.

As usual, we would like to remind our readers that nothing is really free on the Internet and that banks never (or should never) send emails asking users to do something that would identify them. The emails are all detected by Avira AntiSpam as phishing and all URLs are blocked.

Sorin Mustaca
Data Security Expert

Full story: Avira – TechBlog

Posted in Antivirus


Phishing Effectiveness: 35 Credit Cards in 5 Hours

20% of users provided account details in a phishing attack analyzed recently by ESET Latin America’s Laboratory, as reported in the ESET Threat Blog.

ESET came across the phish and studied the server it ran on. The same server was used to store the logs and the details collected by the phish, so ESET was able to piece together effectiveness data.

The first access to the site was on January 20 at 10:01 (a.m.). The last was on the same date at 15:24 (3:24 p.m.), so the attack was active for just over five hours. In that time, 164 users accessed the site, an average of about 30 per hour, and 35 of them (over 21%) submitted their details.

ESET also stresses that this was not a particularly sophisticated phishing attack. The e-mail subject was “WARNING—INACTIVE CREDIT CARD!”. The web page made no attempt to mimic that of the famous Latin-American bank it impersonated.

Moral of the story? Phishing can still be lucrative.

Hat tip to Roger’s Security Blog.



Full story: Security Watch

Posted in Security

Inside a phishing attack: 35 credit cards in 5 hours

Phishing attacks have grown steadily in recent years, becoming a highly profitable attack for cyber criminals. In ESET Latin America’s Laboratory, we are used to finding and informing about phishing attack outbreaks in our region. A few days ago, we found a new case of phishing, for which we investigated the effectiveness of the attack.
In … Read More.

Full story: ESET ThreatBlog

Posted in Antivirus


What They’re Blocking and Phishing on the Web

A report from OpenDNS describes some of the intelligence gathered from their DNS service, which millions of people use. OpenDNS bills itself as “…the largest global DNS service for consumers, schools and businesses.”

OpenDNS has long offered services beyond simple name resolution. In addition to being antiphishing pioneers with their Phishtank service, they offer web content filtering as well as malware and botnet protection.

The report contains aggregate data from their provision of those services. Some of the interesting numbers: The top 3 categories of data blocked by users are Pornography, Sexuality and Tasteless. No surprise there or in the rest of that list.

The list of most blacklisted specific web domains includes some porn, but also MySpace, Facebook and YouTube, with Facebook the #1 most blacklisted site. Facebook, MySpace and YouTube have the ironic distinction of also being on the 10 most whitelisted sites.

After all these years, PayPal is still the most phished brand (45%), and still by a large amount. A long way back at 5.3% is—once again—Facebook.



Full story: Security Watch

Posted in Security

“Phishing” Internet Security PSA


(Watch it in HD!) Are you aware you are being phished? That you may have received an imitation email or that you could be lured to a fake website? Billions of dollars are stolen every year through a deceptive tactic called “phishing.” A “phisher” sets up a look-alike website (of a bank, for example) and sends out legitimate-looking emails to lure in victims, then uses these to trick the user into giving up sensitive information. Always be careful to check that you are on the REAL website of any bank, store or other important site. Always be wary of imitation emails asking for personal information. And never give out personal information if you are unsure who you are giving it to. By taking care to check where you are online and who is actually contacting you by email, you can help eliminate the risk of falling victim to a phishing attack. This video was created by Crosshair Studios and Team Purps as a submission to the 2009 Computer Security Awareness competition presented by educause.edu. More information about the contest can be found at: www.educause.edu

Posted in Video


Fake McDonald’s Survey is Phishing Scam

Appriver has uncovered a tasty new “Fillet O’ Phish”: A survey scam purporting to be from “McDonald’s Consulting.”

The scam tries to get your personal information, including credit card account and mother’s maiden name. It promises a $ 250 reward. It starts with an e-mail, pictured below (click it for a larger version), and leads to a succession of web pages.

mcdbig.png



Full story: Security Watch

Posted in Security

Phishing, Spam and Malware Statistics for December 2010

Most abused TLDs

The trend we observed in recent months, of the non-“classical” TLDs increasing massively, continued in December as well. Contrary to November, when .com saw a slight increase, this month it decreased by more than 76%. The measures taken in November and December by the registrars of .org and .net are finally showing results: usage of these two TLDs decreased, this month by an astonishing 151% for .org.

Phishing                                         | Malware
#   TLD          %      Dev. from Nov. (%)       | TLD          %      Dev. from Nov. (%)
1   .com         46.24   -76.13                  | .com         50.83   -47.50
2   Others       16.35   100.00                  | Others       12.57   100.00
3   .net          8.83   -24.48                  | IP Address    5.54    98.78
4   .tk           4.19     9.45                  | .net          5.51  -320.42
5   .br           4.08    29.85                  | .ru           4.78  -309.13
6   .org          3.56  -151.28                  | .org          3.77   -26.99
7   .uk           3.44   -29.65                  | .info         3.70   -42.67
8   IP Address    3.14    99.51                  | .cc           2.60   -41.42
9   .ru           1.86   -98.36                  | .br           2.17   -55.36
10  .de           1.58   -76.92                  | .kr           2.08   -32.09

Spam category statistics

Spam levels decreased slightly from November, but a lot of mixed spam is still being sent. The “Others” category covers all spam that cannot be automatically sorted into one of the categories below. This was expected, given the holiday season, when a lot of things were advertised for sale.

Sorted by amount                                 | Sorted by deviation
#   Category     %      Dev. from Nov. (%)       | #   Category     Dev. from Nov. (%)
1   Other        77.42   -6.13                   | 1   University    2.18
2   Pharmacy      6.33   -1.75                   | 2   Software      0.71
3   Nigerian      4.17   -1.17                   | 3   Fashion       0.02
4   University    3.73    2.18                   | 4   Jobs         -0.01
5   Lottery       2.91   -0.30                   | 5   Malware      -0.15
6   Software      2.14    0.71                   | 6   Watch        -0.26
7   Watch         1.26   -0.26                   | 7   Phishing     -0.26
8   Phishing      0.94   -0.26                   | 8   Lottery      -0.30
9   Loan          0.52   -0.35                   | 9   Loan         -0.35
10  Casino        0.23   -0.52                   | 10  Casino       -0.52

Extension statistics for malware URLs

As expected, the level of malware dropped significantly this month because the spammers sent out more commercially driven messages than normal. In January, however, we are seeing a comeback of spam advertising malware. Interestingly, for the second month in a row we see a significant increase of the .gif extension.

Sorted by amount

# | Extension | % | Deviation from November (%)
1 | none | 25.06 | -103.56
2 | txt | 17.78 | 12.60
3 | exe | 16.84 | -127.52
4 | php | 8.83 | -125.36
5 | htm | 7.90 | -102.70
6 | html | 6.42 | -117.22
7 | jpg | 6.21 | -1.87
8 | asp | 2.86 | -131.86
9 | gif | 2.76 | 22.46
10 | js | 0.97 | 27.00

Sorted by deviation

# | Extension | Deviation from November (%)
1 | bat | 100.00
2 | jsp | 75.00
3 | css | 30.61
4 | js | 27.00
5 | gif | 22.46
6 | txt | 12.60
7 | cmd | 0.00
8 | jpg | -1.87
9 | swf | -21.05
10 | png | -33.33

Most phished brands statistics

The most attacked brand is, as usual, PayPal. Strangely, despite the fact that we see a lot of PayPal phishing emails, we received a lot less phishing overall than in the previous months. I think the reason for this is that the attacks are becoming more targeted than before. So the phishers are now improving the quality of their spam campaigns and no longer try to flood mailboxes blindly. This is why we see that many smaller brands (category Others) have increasingly started to get phished, for the second month in a row.

Sorted by amount

# | Brand name | % | Deviation from November (%)
1 | Paypal | 44.40 | -56.42
2 | Others | 25.96 | 100.00
3 | Ebay | 5.08 | -691.51
4 | Visa | 4.45 | 44.09
5 | Facebook | 4.41 | -251.09
6 | Chase Bank | 3.78 | 29.11
7 | HSBC Bank | 3.40 | -118.31
8 | World of Warcraft | 3.07 | 7.81
9 | Tibia Guilds | 2.83 | 57.63
10 | Lloyds | 2.63 | 16.36

Sorted by deviation

# | Brand name | Deviation from November (%)
1 | Others | 100.00
2 | Tibia Guilds | 57.63
3 | Visa | 44.09
4 | Chase Bank | 29.11
5 | Lloyds | 16.36
6 | World of Warcraft | 7.81
7 | Paypal | -56.42
8 | HSBC Bank | -118.31
9 | Facebook | -251.09
10 | Ebay | -691.51

URL Shorteners used in malicious activities

URL shorteners are used in emails to hide the final location of a malware file, so it is not surprising to see the same trend here as in the distribution of malware extensions (see above). The most used shorteners, bit.ly and goo.gl, saw a significant decrease in December.

Phishing

# | Shortener | % | Deviation from November (%)
1 | bit.ly | 21.43 | -52.38
2 | goo.gl | 11.90 | -33.33
3 | notlong.com | 9.52 | 7.14
4 | tiny.cc | 7.14 | -2.38
5 | tinyurl.com | 4.76 | -21.43
6 | doiop.com | 4.76 | -7.14
7 | zi.ma | 2.38 | 2.38
8 | u.nu | 2.38 | 2.38
9 | tr.im | 2.38 | 2.38
10 | snipurl.com | 2.38 | 2.38

Malware

# | Shortener | % | Deviation from November (%)
1 | tiny.cc | 7.14 | 7.14
2 | k.im | 7.14 | 3.57
3 | is.gd | 7.14 | 3.57
4 | doiop.com | 7.14 | -3.57
5 | bit.ly | 7.14 | -17.86
6 | zi.ma | 3.57 | 3.57
7 | u.nu | 3.57 | 3.57
8 | tr.im | 3.57 | 3.57
9 | tinyurl.com | 3.57 | -10.71
10 | snipurl.com | 3.57 | 3.57

Sorin Mustaca
Data Security Expert

Full story: Avira – TechBlog

Posted in Antivirus | Comments Off

Why do phishing attacks work better on mobile phones?

During my regular reading of the main information security feeds this week, I found a small but particular news item that, I consider, invites us to think about it. It turns out that, according to a post by Mickey Boodaei, CEO of Trusteer, mobile phone users are three times more likely to become victims of … Read More.

Full story: ESET ThreatBlog

Posted in Antivirus | Comments Off

Facebook’s fight back against phishing scams

Cyber criminals love social networking sites as they are full of readily available personal information. They could go about harvesting that information by hand, but it’s a rather tedious process. Instead, they use ‘social worms’ to go from one contact to the next. So what exactly do I mean by social worms? Well, think of them as a [...]

Full story: Malware Diaries

Posted in Security | Comments Off

FDIC warns of phishing scam claiming “Patriot Act” violations

The U.S. Federal Deposit Insurance Corp. and at least one bank are warning that an email phishing campaign has been detected in which potential victims are being told that their bank accounts have been suspended because of violations of the Patriot Act and they are asked for their identity and account information.

The special alert from the Division of Supervision and Consumer Protection said:

“The Federal Deposit Insurance Corporation (FDIC) has received numerous reports from consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that ‘in cooperation with the Department of Homeland Security, federal, state and local governments…’ the FDIC has withdrawn deposit insurance from the recipient’s account ‘due to account activity that violates the Patriot Act.’ It further states deposit insurance will remain suspended until identity and account information can be verified using a system called ‘IDVerify.’ If consumers go to the link provided in the e-mail, it is suspected they will be asked for personal or confidential information, or malicious software may be loaded onto the recipient’s computer.”

Tom Kelchner

Full story: GFI Labs blog

Posted in Antivirus | Comments Off
