FDIC moves to take its brand back from phishers

The Federal Deposit Insurance Corp. is taking steps to stop phishers from using its name.

The federal agency, tasked with promoting confidence in the country’s financial system by insuring deposits, in February issued its most recent consumer alert warning of nefarious e-mails that use the FDIC name and seal to help convince recipients that messages are legitimate. The agency said these phishing messages, which include links to Web sites that capture personal and financial information, should be considered fraudulent.

“Con artists know that people trust the FDIC name. That's why they may use our name and seal in fraudulent e-mails trying to obtain valuable information from consumers and businesses,” says the alert, adding that the FDIC does not send out e-mails asking for detailed information.

The agency says phishing scams using the FDIC name and brand date back to January 2004.

But lately phishers who hijack the FDIC’s name are looking to victimize more than just consumers. Another agency alert, dated Feb. 21, warned financial institutions of an e-mail that appears to be from the agency’s legal information technology or information security department and has an attached script that purports to “improve security.” These e-mails are attempts to install malware on the financial institution’s systems, the alert warns, and should not be opened.

In addition to these attempts to raise public awareness, online brand protection service provider BrandProtect on Tuesday announced the FDIC has signed on as a customer. BrandProtect’s service will continuously monitor the Internet for references to the FDIC name and brand to identify potentially fraudulent use, helping to take down illegitimate Web sites as needed, according to company officials.