Wednesday, September 21, 2011

NACHA Phishing Emails Still Making Rounds

NACHA Phishing Email Received 9/20/11Despite the National Automated Clearing House Association (NACHA) making it publicly known that they do not communicate with individuals or companies regarding ACH transactions, let alone process them, internet scammers are still using NACHA’s name to trick unsuspecting users into downloading malicious content.

Phishing emails pretending to be coming from NACHA feature headlines similar to:

  • “ACH transfer cancelled 2611403”

  • “ACH report 772281382”


Inside the phishing emails, there will be a message stating that a recent ACH transaction has been cancelled along with an attachment that’s likely hiding a Trojan (like Zeus) or virus.

Here’s a sample NACHA phishing email:
ACH Payment Canceled

The ACH transaction (ID: 2611403), recently initiated from your checking account (by you or any other person), was canceled by the other financial institution.
Rejected transaction
Transaction ID: 2611403
Reason for rejection: See details in the attachment
Transaction Report: report_092011-78.pdf.exe (self-extracting archive, Adobe PDF)

13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703)561-1100 2011 NACHA - The Electronic Payment Association

As you can tell from the screenshots above, a few obvious red flags are raised upon inspecting these emails:

  • They’re coming from the email addresses cPta2D8A3y[at]gmail.com & yyzYXASo35[at]gmail.com, which are obviously not NACHA email addresses.

  • There are multiple recipients, which is odd for an email pretending to have sensitive information. Why would all of these people be attached to an email supposedly related to an ACH payment that I made?


Downloading the attached file can prove disastrous, since there’s a good chance it will contain a Zbot (also known as Zeus), which will install a keylogger to capture banking information typed on your computer.

Protect your computer by running antivirus software on your computer and make sure it’s set to update automatically. Proceed with caution when downloading files sent via email and be sure to scan any downloaded file with your antivirus software.

If you suspect your computer has been infected with a Trojan, spyware, malware, or a virus, Hyphenet offers virus removal services to rid your PC of dangerous infections. To learn more about Hyphenet’s PC repair services, call 619-325-0990 or contact us online.

No comments:

Post a Comment