Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter
Guidance on Safeguarding Customers Against E-Mail and Internet-Related Fraudulent Schemes
TO: CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer) 
SUBJECT: Guidance on Safeguarding Customers Against E-Mail and Internet-Related Fraudulent Schemes 
Summary: The FDIC is alerting financial institutions to the increasing prevalence of e-mail and Internet-related fraudulent schemes targeting financial institution customers. The attached guidance provides financial institutions with background information on these schemes and describes how institutions can assist in protecting their customers. 

In view of the recent increased outpouring of e-mail and Internet-related fraudulent schemes, the Federal Deposit Insurance Corporation (FDIC) has prepared the attached guidance to assist financial institutions in helping their customers avoid becoming victims. These schemes are being perpetrated with mounting frequency, intensity and creativity. They typically involve the use of seemingly legitimate e-mail messages and Web sites to deceive consumers into disclosing sensitive information, such as bank account information, with the ultimate goal of gaining access to financial accounts or committing identity theft and other illegal acts. Many of the schemes reported recently have targeted financial institution customers.

Financial institution customers who provide confidential information to criminals engaging in e-mail and Internet-related fraudulent schemes face immediate risk. Criminals will normally act quickly to gain unauthorized access to financial accounts, commit identity theft or engage in other illegal acts before the victim realizes the fraud has occurred and takes actions to stop it. In addition, a financial institution that has been impersonated is subject to risk to its reputation, as customers and potential customers may attribute the activity to a perceived weakness in the institution's ability to conduct business securely and responsibly.

Financial institutions should promptly notify their FDIC Regional Office and the appropriate authorities if an e-mail or Internet-related fraudulent scheme is detected. Financial institutions should also report the incident to the appropriate law enforcement agencies and file a Suspicious Activity Report. Any information about possible fraudulent schemes may also be forwarded to the FDIC's Special Activities Section, 550 17th Street, N.W., Room F-4040, Washington, D.C. 20429, or transmitted electronically to

For more information about safeguarding customers from e-mail and Internet-related fraudulent schemes, please contact your FDIC Division of Supervision and Consumer Protection Regional Office or William H. Henley, Jr., Examination Specialist, at (202) 898-6513.

For your reference, FDIC Financial Institution Letters may be accessed from the FDIC's Web site at

Michael J. Zamorski


Division of Supervision and Consumer Protection


FDIC-Supervised Banks (Commercial and Savings)


Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center , 801 17 th Street, NW , Room 100, Washington , DC 20434 (1-877-275-3342 or (703) 562-2200).

Last Updated: March 12, 2004