WASHINGTON (AP) - The Federal Deposit Insurance Corporation and VeriSign Inc., which manages domain registry names, say fraudulent e-mails claiming to be from them should be considered a malicious attempt to collect personal data.
The FDIC and VeriSign sent a memo Feb. 23 to various financial institutions warning them about the false e-mails, which request recipients to run a 'security guard script' to secure Web sites.
They FDIC said in a press release Friday that financial institutions and consumers should not download the attached file and should report any situations to the FDIC's Cyber-Fraud and Financial Crimes Section.
The e-mails say they are sent from 'FDIC Legal Information Technology,' 'FDIC Information Security,' or 'Verisign Inc.'
The subject lines include the phrase, 'Regular Security Maintenance' or 'Regular Hosting Security Maintenance.'
The content of the e-mails say, 'to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file 'vprotect.php' in: './public--html' or (for Windows Based servers) in: './http://wwwroot'in your site.'
The FDIC is working with the U.S. Computer Emergency Readiness Team to determine the exact effects of the file, but the agency warned it should be considered a malicious attempt to collect personal or confidential information.
The FDIC's Cyber-Fraud and Financial Crimes Section's e-mail address is alert@fdic.gov. Its address is 550, 17th St., NW, Room F-4004, Washington, D.C. 20429.
Copyright 2007 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.