Phishing via snail mail – Shishing?

UPDATE: This appears to have been a pen-test.

There are reports (via ISC) that US banking institutions have been subjected to phishing attempts via snail mail.

Reportedly, the credit unions receive a package containing a letter from the NCUA and a CD with training material on it. If the training material is in fact malware, one would suspect it most likely consists of a backdoor Trojan or a keylogger.

The NCUA press release gives slightly more information on this threat, with some instructions on what to do if you receive the letter:

  • You should contact your NCUA Regional Office
  • or the NCUA Fraud Hotline at 1-800-827-9650

In addition to this advice, please contact your AV supplier and forward them a copy of the CD.

You can contact Sophos via:

Sophos Inc.
3 Van de Graaff Drive
2nd Floor
Burlington, MA
01803
USA

Tel: 781-494-5800
Fax: 781-494-5801