Fake e-mails delivering virus to users’ inboxes, says expert

Washington, Oct 28 (ANI): A fake email, apparently from the Federal Deposit Insurance Corporation (FDIC), can steal bank passwords and other sensitive personal information from unsuspecting victims, according to a computer forensic expert.

Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham (UAB), has said that cyber criminals are sending the spam mails with one of two subject lines-’FDIC has officially named your bank a failed bank’ or ‘You need to check your Bank Deposit Insurance Coverage’.

He said that the moment the message is opened, the spam asks users to visit a specific Web site, a link to which is included in the message.

Those that follow the link are taken to a page that asks them to click and download a copy of “your personal FDIC insurance file.”

“Unfortunately, anyone who clicks that download link will be downloading a version of the Zeus Bot virus, which has the capacity to steal bank passwords and other financial and personal information,” said Warner.

Warner and his colleagues in the UAB Spam Data Mine have been tracking the new spam for a number of days and report its delivery volume to be very high.

The spam claims to be from the e-mail address consumeralerts@fdic.gov, which is a real e-mail address used by the FDIC, but has actually been forged by the malware distributors in this situation, said Warner.

“The cyber criminals behind this spam have gone to great lengths to mimic the logos and look of FDIC communications, including going so far as to forge an official FDIC e-mail address in an effort to confuse consumers into following links and downloading harmful programs.

“As is the case with any agency or company e-mail, do not follow links or click downloads embedded in the messages. Instead, visit the site in question through your Web browser and log in as you normally would. If an entity has an important message for you, you’ll be able to find it on its Web page.

“Legitimate companies will never ask you to download programs or enter your personal information via an e-mail,” he added. (ANI)

Related posts:

• Clicking on holiday e-mails can give your computer to criminals: Expert
• Two-third of e-mails are junk mails
• Cyber conmen take advantage of Apple iPad craze
• Your Valentine’s Day emails might actually be a deadly virus
• Poor security questions put e-mails at risk
• Cyber threats in 2010
• Mobile phone app that tells users about thugs living in an area!
• Internet users warned of Koobface virus on social networking sites
• Facebook, Twitter users endangering their right to privacy, says expert
• Meera discloses ‘life-threatening’ e-mails from Attiqur Rehman
• Indian e-mails 10-year-old client database from Malaysian firm to his new employer
• Backing up your e-mail: Don’t make it optional
• Stealthy Windows virus that can steal bank login information doing the rounds
• Method to trim computer’s spam diet
• UK event to make Internet users more security conscious