According to one cyber intelligence and security company, recent reports of the demise of phishing have been greatly exaggerated.
FBI says there's been a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts.
Computerworld - A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.
Fake notification claims recipients' financial institution has filed for bankruptcy, urges them to check the status of their deposit insurance coverage.
Scam email messages being generated at a rate of 1,000 per minute.
Phony LinkedIn invitation from 'Bill Gates' lands in smartphone inboxes.
Researchers at several security firms have uncovered a spam campaign targeting Facebook users. The e-mails, which pose as communications from Facebook about password resets, contain a nasty downloader that ultimately makes users part of a notorious botnet.
| Special Alerts | SA-183-2009, October 27, 2009 |
| TO: | CHIEF EXECUTIVE OFFICER (also of interest to Security Officer) |
| SUBJECT: | Fraudulent E-Mails Claiming to Be From the FDIC |
| Summary: | E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should download and open a "personal FDIC insurance file" to check their deposit insurance coverage. The "insurance file" may actually be a form of spyware or malicious code and may collect personal or confidential information. |
The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.
Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent Web site. The Web site includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the Web site or download the executable files provided on the Web site.
Information about counterfeit items, cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC's Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-3054, Washington, D.C. 20429, or transmitted electronically to alert@fdic.gov. Information related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online form that can be accessed at http://www2.fdic.gov/starsmail/index.asp.
For your reference, FDIC Special Alerts may be accessed from the FDIC's website at www.fdic.gov/news/news/SpecialAlert/2009/index.html. To learn how to automatically receive FDIC Special Alerts through e-mail, please visit www.fdic.gov/about/subscriptions/index.html.
| Sandra L. Thompson |
| Director, Division of Supervision and Consumer Protection |
Distribution: All FDIC-Insured Institutions
Note: Paper copies of FDIC Special Alerts may be obtained through the FDIC's Public Information Center, 1-877-275-3342 or 703-562-2200.
Yesterday I received a "hot tip" from a friend in the form of an email offering a free laptop from Sony-Ericsson if I forwarded the offer to 8 people on my address list. I'd get even a better laptop if I sent it to 20. Too good to be true, right? Right! A quick visit to snopes.com answered my question and straightened out my friend. Not only was there no laptop, but the person's name on the offer never existed. It was a pretty picture of a nice laptop! Urban legends, they're also in email. Check before you send, or you might be sorry! Stop. Think. Secure IT!
A new email scam has been reported offering a free laptop to people for forwarding the email. Sony Ericsson made no such offer; the email address is bogus, and the company has no one by that name offering the laptops.