UPDATE: This appears to have been a pen-test.
There are reports (via ISC) that US Banking institutions have been subject to phishing attempts via snail mail.
Reportedly, the Credit Unions receive a package containing a letter from the NCUA and a CD with training material on it. If indeed the training material is actually malware, then one would suspect it is most likely to consist of some backdoor Trojan or a keylogger.
The NCUA press release give slightly more information on this threat with some instructions on what to do if you do receive the letter:
- You should contact your NCUA Regional Office
- or the NCUA Fraud Hotline at 1-800-827-9650
Added to this advice please contact your AV supplier and forward them a copy of the CD.
You can contact Sophos via:
3 Van de Graaff Drive