What’s happening: NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See NACHA’s press release below
What it means: Cybercriminals are attempting to lure unsuspecting businesses to a web site that will infect their computers with malware.
What to do: Don’t fall victim to these phishing attacks. Always be suspicious. Ask yourself: “Does this email make sense?” Make sure technology defenses are in place in case you slip.
NACHA Phishing Alert (11/12/2009) E-mail Claiming to be from NACHA
NACHA – The Electronic Payments Association has received reports that individuals and/or
companies have received a fraudulent e-mail that has the appearance of having been sent from
NACHA. See sample below.
The subject line of the e-mail states: “Rejected ACH Transaction.” The e-mail includes a link
which redirects the individual to a fake web page which appears like the NACHA Web site and
contains a link which is almost certainly executable virus with malware. Do not click on the link.
Both the e-mail and the related Web site are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and
software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or
NACHA itself does not process nor touch the ACH transactions that flow to and from
organizations and financial institutions. NACHA does not send communications to individuals or
organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or
anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches
are installed and current.
Be alert for different variations of fraudulent e-mails.
= = = = = Sample E-mail = = = = = =
From: nacha.org [mailto:firstname.lastname@example.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic
Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is the how the link is presented)
Copyright ©2009 by NACHA – The Electronic Payments Association
= = = = = = = = = = = = = = = = = = =