false FDIC email address ([email protected] execs.com) that didn’t include “exes. com” and the false D.C. area code of 646 — it’s actually 202. A form, “FDIC Claimant Verification,” attached to the cover letter, was also fraudulent. The second fraudulent email message reported on this date claimed to originate at [email protected]; it O © Marcela Barsse/iStockphoto

FRAUD-MAGAZINE.COM JANUARY/FEBRUARY 2013 FRAUD MAGAZINE 57 informed each recipient that his recent ACH transaction wasn’t completed. He was then asked to update the transac- tion and download it by clicking on a link in the document. On April 27, 2012, the FDIC alerted individuals to a new phishing scheme that gave the appearance that it came from the agency. Th e email messages were similar to each other, and the “Subject” line was the same: “SURVEY CODE: STJSPNUPUT.” The content of the “From” line varied. The email stated that if the recipient completed a “quick and easy” five- question survey, the FDIC would credit $100 to his bank account. The email instructed the victim to “Click here to continue.” Not a good idea. On April 10, 2012, the FDIC re- ported fraudulent emails that appeared to be sent by Publishers Clearing House. The message stated that the recipient had won a significant cash award, and he could collect it by pur- chasing a “Check Insurance Certificate” from the FDIC for a $1,000 fee. The recipient was directed to email the FDIC for instructions for forwarding the “fee.” The message included a fake telephone number and email address for information. “Check Insurance Certificates,” of course, are fake, as is everything else in the messages. On Feb. 15, 2012, the FDIC reported yet more fraudulent emails that appeared to be sent by the agency. The message stated that the recipient’s ability to transfer funds via ACH and wire had been temporarily withheld for security reasons. The recipient had to click on a hyperlink and “install the updated installations” to eliminate the hold on his account and get reinstated. On Feb. 8, 2012, the FDIC reported email messages that notified recipi- ents of “recent changes in the Federal Deposit Insurance Corporation insur- ance coverage” for noninterest-bearing Figure 1

58 FRAUD MAGAZINE JANUARY/FEBRUARY 2013 FRAUD-MAGAZINE.COM TAKING BACK THE ID Identity theft prevention analysis transaction accounts — a checking account or demand deposit account on which no interest is paid by the insured depository institution. Even though the money in their accounts for 2011 and 2012 were fully insured by the FDIC, the message stated, the recipients were instructed to click on a hyperlink to learn more about the “temporary” change in the coverage. The FDIC states that it never sends unsolicited emails to consumers or business account holders. The agency reminds recipients, of course, to never send funds as requested, provide any PII or click on any links in the mes- sages. Delete, delete, delete.