Email scam alert! The latest phishing scheme to hit the web claims to be from the US Federal Reserve. The malware email tells victims about a canceled wire transfer and then prompts them to download a payment receipt attachment for more details.
Now that tax season is over and refunds are trickling in, many Americans may be eager to click on a message they believe to be from the Federal Reserve. But this email is a fraud and there is no FedWire payment receipt.
According to cyber security experts at Sophos, the attachment actually contains a Trojan virus designed to hack your Windows PC and steal your private information.
Let’s review how this Federal Reserve phishing scam works and how you can protect yourself.
Gone Phishing: No, It’s Not the Real Federal Reserve
Phishing is a scam tactic used to defraud victims by “reeling them in” with a fake message.
Some phishing scams impersonate companies like PayPal or eBay, while others claim to be special sweepstakes contests, banking notifications or government warnings.
A phishing email may prompt you to visit an external website or trick you into downloading an attachment.
The scammer’s end goal also varies. Some phishing emails attempt to extract the routing number or online password for your bank account, while others seek to infect your computer with viruses and malware.
This new phishing scheme pretends to be from the Federal Reserve and uses email spoofing to look like it was sent from “[email protected]”. According to Sophos, here’s what the email says to lure its victims:
The Wire transfer , recently sent from your bank account , was not processed by the FedWire.
Transfer details attached to the letter.
This service is provided to you by the Federal Reserve Board. Visit us on the web at website
To report this message as spam, offensive, or if you feel you have received this in error, please send e-mail to email address including the entire contents and subject of the message. It will be reviewed by staff and acted upon appropriately
It includes an attachment called PAYMENT RECEIPT 30-04-2013-GBK-75.zip. If opened, this attachment infects Windows PCs with a Trojan virus. Named for the Trojan horse of myth, these viruses sneak into your system and then open the doors for a hacker to take control.
Trojan viruses can result in scrambled hard drives, compromised finances and even identity theft.
Use These 5 Tips So You Don’t Get Hooked by Phishing
Although phishing emails present a serious threat to consumers, the good news is that they’re easy to avoid. Observe the following tips to stay safe:
1. Know the red flags. A phishing email is easy to spot if you learn the warning signs. Look for poor spelling, grammar and bad punctuation. The Federal Reserve phishing spoof uses random capitalization and improper comma placement in the first sentence.
Also consider the alleged source; if this was really from the government, the email would include an official seal or other graphical formatting. Just remember that some sophisticated phishing emails do feature graphics, so a logo alone isn’t enough to verify that it’s legit.
2. See how they address you. Does the email address you by your real name? Or does it just say something generic, like “user”? Or is there no salutations at all? A legitimate message will always address you by your real name (or at least your actual username for the site).
Note that this phishing email above doesn’t have a salutations; it simply jumps into the message without addressing you. A real message from the Federal Reserve or any other government body would include your name.
3. Think about context. Read the message and think about whether it actually applies to you.
Many phishing emails use a generic angle that could apply to anyone, but if you stop to consider your circumstances, you’ll find that it doesn’t make any sense.
For example, the Federal Reserve phishing email assumes that you sent a wire transfer using FedWire. Have you? No? Then this message doesn’t apply and the email is a scam. If you have sent a wire transfer, or if you’re just not sure, go to your bank directly instead of clicking the email.
Any message that’s actually from your bank will also be available on your bank’s website, or you can call customer service.
4. Trust your gut (and your email service). Follow your instincts about suspicious emails. Chances are, if you think it’s a scam, you’re probably right.
Additionally, many email services like Gmail include powerful spam filters and malware-blocking tools. If the message is flagged for being harmful, trust your email provider’s warning. Delete the message right away.
5. Use anti-virus software. Anti-virus software is the cornerstone of cyber security. Due to all the personal information we store on our computers, it’s vital to protect yourself with a firewall and the latest anti-virus software. Keep this software up-to-date and always turned on. Schedule regular system scans to be extra safe.
If you think you’ve received a phishing email — especially if you’ve opened it — scan your computer for viruses right away. If you don’t have an anti-virus software, try a free program like Avira or AVG.
Ever Been Hacked by an Email?
Have you ever been hacked by a phishing email? What are your cyber safety tips? Share your thoughts in the comments.