Thursday, December 1, 2011

Spam, DDoS attacks, Malware, & Money Mules Used to Steal Money & Jewels

You may want to think twice about clicking any links in spam emails claiming to be from NACHA.

The FBI issued a warning recently, notifying the public about a spear phishing campaign that cybercriminals have launched involving bank accounts (both personal & business), DDoS attacks, money mules, jewelry stores, and of course, a variant of the notorious Zeus Trojan horse.

The attack starts with the victim receiving an authentic-looking email from the National Automated Clearing House Association (NACHA) that claims there was an issue with a bank transaction and that they need to click a link for more information. When the victim clicks the link, their computer becomes infected with a nasty piece of malware known as “Gameover”, which is a modified version of the Zeus Trojan that steals banking information from compromised PCs via keylogging & form grabbing.

In a clever twist, once the banking details are captured the crooks launch a DDoS attack against the victim’s public-facing internet address, along with their financial institution, which the FBI believes “is used to deflect attention from the wire transfers as well to make them unable to reverse the transactions (if found)”.

The money mules came into play whenever one of the unauthorized wire transfers was sent to a high-end jewelry store, “wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired).” The FBI stated that a share of the unauthorized wire transfers were sent to jewelers, although they did not give an exact number.

According to the advisory:
Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches. The perpetrators advise they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day, a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule.

Unfortunately the targeted jewelry stores seem to be the ones taking the biggest hit, as they’re out whatever jewels the money mule makes off with once the bank reverses or cancels the unauthorized wire transfer.

NACHA has released multiple advisories telling the public that it does not communicate with individuals or companies regarding ACH transactions, so I think it’s safe to say that you can ignore any emails pretending to come from them. Cybercriminals have been using NACHA’s name to infect PCs with malware for quite some time now.

Aside from steering clear of suspicious links and phishing emails, it’s always wise to protect your PC by running up-to-date antivirus software that offers real-time scanning and email filtering.

Photo Credit: Mykl Roventine
