FDIC notification malware attack spammed out

Sophos’s worldwide network of honeytraps are intercepting a large amount of malicious email, claiming to come from the Federal Deposit Insurance Corporation (FDIC). The emails are designed to infect recipients’ computers.

Malicious FDIC notification email

Subject line:

FDIC Notification

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:

Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation.

Attached to the emails is a file called FDIC_document.zip.

Sophos proactively detects the file, calling it Mal/BredoZp-B. Our advice is that you should not open the attachment as it will attempt to infect your Windows computer.

Take care folks, and remember to keep your security software up-to-date and your wits about you. You should always be suspicious of unsolicited email attachments.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.