Office of the Comptroller of the Currency - Ensuring a Safe and Sound Federal Banking System for All Americans Site Map | Text Size: S M L

Alert 2007-9
Description: Fraudulent E-mails Purportedly from the FDIC or VeriSign, Inc.

Fraudulent E-mails Claiming to be from the FDIC or VeriSign and Requesting Recipients to Run a “Security Guard Script”

To: Chief Executive Officers of All National Banks; All State Banking Authorities; Chairman, Board of Governors of the Federal Reserve System; Chairman, Federal Deposit Insurance Corporation; Conference of State Bank Supervisors; Deputy Comptrollers (districts); Assistant Deputy Comptrollers; District Counsel and Examining Personnel

The Office of the Comptroller of the Currency (OCC) has been informed by the Federal Deposit Insurance Corporation (FDIC) that fraudulent e-mails claiming to be from the FDIC or VeriSign are in circulation. The e-mails request recipients to run a "security guard script" to secure Web sites. Currently, the e-mails are purportedly from "FDIC Legal Information Technology," "FDIC Information Security," or "Verisign Inc." and the subject lines include the phrase "Regular Security Maintenance" or "Regular Hosting Security Maintenance." The e-mails are fraudulent and were not sent by the FDIC or VeriSign, Inc.

The fraudulent e-mails state: “to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file "vprotect.php" in: "./public_html" or (for Windows Based servers) in: "./wwwroot" in your site." The e-mails also provide instructions for recipients who "do not know how to use" the file.

The FDIC is working with the United States Computer Emergency Readiness Team to determine the exact effects of the executable file. Recipients should consider this file to be a malicious attempt to collect personal or confidential information. Financial institutions and consumers should NOT download the executable file attached to the e-mails. Consumers and financial institutions should report any similar situations by contacting the FDIC’s Cyber-Fraud and Financial Crimes Section.

Any information or questions that you may have concerning this matter should be brought to the attention of:

Mail: Federal Deposit Insurance Corporation (FDIC)
Cyber-Fraud & Financial Crimes Section
550 17th Street, NW
Room F-4004
Washington, DC 20429
E-mail: alert@fdic.gov

Additional information concerning this matter that you believe should be brought to the attention of the OCC may be forwarded to:

E-mail: occalertresponses@occ.treas.gov
Mail: Office of the Comptroller of the Currency
Special Supervision Division, MS 6-4
250 E Street, SW, Washington, DC 20219
Fax: (202) 874-5214
Internet: http://www.occ.gov


Richard C. Stearns
Director for Enforcement & Compliance