An official website of the United States government
Parts of this site may be down for maintenance Saturday, November 23, 7:00 p.m. to Sunday, November 24, 9:00 a.m. (Eastern).
Alert 2007-9 | February 23, 2007
Share This Page:
Chief Executive Officers of All National Banks; All State Banking Authorities; Chairman, Board of Governors of the Federal Reserve System; Chairman, Federal Deposit Insurance Corporation; Conference of State Bank Supervisors; Deputy Comptrollers (districts); Assistant Deputy Comptrollers; District Counsel and Examining Personnel
The Office of the Comptroller of the Currency (OCC) has been informed by the Federal Deposit Insurance Corporation (FDIC) that fraudulent emails claiming to be from the FDIC or VeriSign are in circulation. The emails request recipients to run a "security guard script" to secure Websites. Currently, the emails are purportedly from "FDIC Legal Information Technology," "FDIC Information Security," or "Verisign Inc." and the subject lines include the phrase "Regular Security Maintenance" or "Regular Hosting Security Maintenance." The emails are fraudulent and were not sent by the FDIC or VeriSign, Inc.
The fraudulent emails state: “to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file "vprotect.php" in: "./public_html" or (for Windows Based servers) in: "./wwwroot" in your site." The emails also provide instructions for recipients who "do not know how to use" the file.
The FDIC is working with the United States Computer Emergency Readiness Team to determine the exact effects of the executable file. Recipients should consider this file to be a malicious attempt to collect personal or confidential information. Financial institutions and consumers should NOT download the executable file attached to the emails. Consumers and financial institutions should report any similar situations by contacting the FDIC’s Cyber-Fraud and Financial Crimes Section.
Any information or questions that you may have concerning this matter should be brought to the attention of:
Mail: Federal Deposit Insurance Corporation (FDIC) Cyber-Fraud & Financial Crimes Section 550 17th Street, NW Room F-4004 Washington, DC 20429 Email: alert@fdic.gov
Consumers who receive counterfeit or fictitious items and associated material should file complaints with the following agencies, as appropriate:
Additional information concerning this matter that should be brought to the attention of the Office of the Comptroller of the Currency (OCC) may be forwarded to
Office of the Comptroller of the Currency Special Supervision Division 400 7th St. SW, Suite 3E-218; MS 8E-12 Washington, DC 20219 Phone: (202) 649-6450 Fax: (571) 293-4925 www.occ.gov occalertresponses@occ.treas.gov
For additional information regarding other types of financial fraud, please visit the OCC's anti-fraud resources page.
Richard C. Stearns Director for Enforcement & Compliance