FDIC Hit by New Phishing AttackFraudulent E-mail Sent Out to Customers
The fake e-mail, coming from "firstname.lastname@example.org" with the subject line: "FDIC: Your business account," is the second scheme in a month launched by cyberhackers feigning to be from the FDIC. [See Phishing Scheme Uses FDIC.]
This newest attack entices consumers to click a link for details about "important information from your financial institution."
The FDIC warns consumers to consider the e-mails fraudulent.
Preventing ID fraud requires a partnership between the financial institution and the consumer. And that is creating opportunities for banks, says James Van Dyke, the president and founder of Javelin Research & Strategy. "So many things go on every time a legitimate transaction happens that the consumer isn't even aware of," he says. "Then you have all these new types of consumer-adopted solutions, like identity-protective services and people signing up for online banking alerts and all those things. What we rarely see, though, is a connection or integration between those two."
A report issued in November 2010 by the Government Accountability Office revealed that the FDIC needed to mitigate control weaknesses. According to the report, the FDIC didn't always:
- Sufficiently restrict user access to systems;
- Ensure strong system boundaries;
- Enforce consistently strong controls for identifying and authenticating users;
- Encrypt sensitive information;
- Audit and monitor security-relevant events.
An audit in March by the GAO said the FDIC took corrective actions that effectively resolved a significant deficiency in internal controls related to security in its financial systems.