US-CERT is aware of public reports of a fraudulent email scam circulating via messages that falsely appear to be from the U.S. Federal Reserve. These email messages contain information about a phishing scam and links for users to follow to obtain additional information about the scam. If a user follows the links, they will be redirected to a malicious website where a PDF exploit is used to install malicious code on the affected system.

US-CERT encourages users to do the following to help mitigate the risks:

• Do not follow unsolicited links
• Use caution when visiting untrusted websites
• Install antivirus software and keep the virus signatures up to date.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Relevant Url(s):

• http://www.us-cert.gov/cas/tips/ST04-014.html
• http://blog.trendmicro.com/bogus-federal-reserve-sites-deliver-pdf-exploit/
• http://www.us-cert.gov/reading_room/emailscams_0905.pdf

====

This entry is available at:

• http://www.us-cert.gov/current/index.html#u_s_federal_reserve_phishing