What's happening: NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent e-mail that has the appearance of having been sent from NACHA. See NACHA's press release below
What it means: Cybercriminals are attempting to lure unsuspecting businesses to a web site that will infect their computers with malware.
What to do: Don't fall victim to these phishing attacks. Always be suspicious. Ask yourself: "Does this email make sense?" Make sure technology defenses are in place in case you slip.
**********************************
NACHA Phishing Alert (11/12/2009) E-mail Claiming to be from NACHA
NACHA – The Electronic Payments Association has received reports that individuals and/or
companies have received a fraudulent e-mail that has the appearance of having been sent from
NACHA. See sample below.
The subject line of the e-mail states: “Rejected ACH Transaction.” The e-mail includes a link
which redirects the individual to a fake web page which appears like the NACHA Web site and
contains a link which is almost certainly executable virus with malware. Do not click on the link.
Both the e-mail and the related Web site are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and
software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or
otherwise unusual.
NACHA itself does not process nor touch the ACH transactions that flow to and from
organizations and financial institutions. NACHA does not send communications to individuals or
organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or
anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
Always use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches
are installed and current.
Be alert for different variations of fraudulent e-mails.
= = = = = Sample E-mail = = = = = =
From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic
Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is the how the link is presented)
------------------------------------------------------------------
Copyright ©2009 by NACHA - The Electronic Payments Association
= = = = = = = = = = = = = = = = = = =
Citadel Information Group
Information Security Management for Business and the Not-for-Profit Community
www.citadel-information.com
Delivering Information Peace of Mind ®
www.citadel-information.com
Delivering Information Peace of Mind ®
Posts
Search This Blog
Index of Topics
- Business at risk (115)
- Citadel in the news (7)
- Citadel Information Security Guides (8)
- Citadel: Guide to Blog (1)
- Citadel: Thinking about Security (10)
- Cloud Security (2)
- Consumers at risk (13)
- Credit card fraud (14)
- Culture Change (1)
- Financial systems security (67)
- Healthcare (7)
- Identity theft (30)
- Insurance (1)
- Internet badlands (113)
- ISSA-LA (2)
- Law Firms (2)
- Legal (23)
- Miscellany (6)
- national security (46)
- Not-for-Profit (5)
- Privacy (27)
- Ray of Sunshine (15)
- School security (3)
- Security Alert: Vulnerability Management (74)
- Security management (24)
- Security Research (5)
- Security Surveys (13)
- Social Engineering (1)
- Social networks (13)
Blog Archive
-
►
2011
(2)
- ► January 2011 (2)
-
►
2010
(237)
- ► December 2010 (6)
- ► November 2010 (9)
- ► October 2010 (7)
- ► September 2010 (8)
- ► August 2010 (13)
- ► April 2010 (39)
- ► March 2010 (65)
- ► February 2010 (38)
- ► January 2010 (27)
-
▼
2009
(83)
- ► December 2009 (17)
-
▼
November 2009
(7)
- Health Net healthcare data breach affects1.5 million
- Is Your Smartphone Eavesdropping on Your Conversta...
- UK Police Reveal Arrests Over Zeus Banking Malware
- Phishing Alert: “Rejected ACH Transaction.”
- Hundreds of Facebook Groups Hacked
- FBI Says Total On-Line Fraud Exceeds $100M and Con...
- IC3 Intelligence Note: Online Bank Fraud
- ► October 2009 (9)
- ► September 2009 (22)
- ► August 2009 (17)
- ► February 2009 (1)
Information Security Links
- Citadel Information Group
- Google Online Security Blog
- Information Systems Security Association
- Information Systems Security Association - LA Chapter
- InfraGard - Los Angeles
- Krebs on Security
- Microsoft Malware Protection Center
- MITRE CVE
- NIST Computer Security Resource Center
- Open Web Application Security Project (OWASP)
- Privacy Rights Clearinghouse
- SANS Internet Strom Center
- US CERT
Disclaimer
Citadel provides this blog as a public service to the community. We make no claim or representation that items posted on this blog are correct. We post "Security Alerts" primarily to assist readers manage security vulnerabilities on their personal home computers; these alerts are NOT comprehensive and are not to be relied upon as such.
(c) Copyright 2009-2010. Citadel Information Group. All Rights Reserved.
Permission is given to re-post and re-print blog postings provided that attribution is given to Citadel Information Group, the above copyright is included and the following link to our website is provided: www.citadel-information.com
(c) Copyright 2009-2010. Citadel Information Group. All Rights Reserved.
Permission is given to re-post and re-print blog postings provided that attribution is given to Citadel Information Group, the above copyright is included and the following link to our website is provided: www.citadel-information.com