Nastygram: Beware the NACHA gotcha
Cyber thieves on Thursday began blasting out millions of e-mails impersonating NACHA - The Electronic Payments Association, a not-for-profit group that develops operating rules for organizations that handle electronic payments, from payroll direct deposits to online bill pay services.
The missives in this latest scam arrive with various subject lines, but all complain about an unauthorized, rejected or failed ACH transaction. Most regular Internet users probably will ignore this message, as few people probably even know what ACH stands for (ACH, or "automated clearing house," refers to the electronic network used by banks to process credit and debit transactions in batches). That's likely just fine with the attackers, who appear to be targeting bookkeepers at small to mid-sized companies -- people who actually recognize what a failed or rejected ACH transaction can mean for their business's bottom line and reputation.
According to an alert at the real NACHA Web site, the bogus messages look something like this:
From: nacha.org [mailto:firstname.lastname@example.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below.
Unauthorized ACH Transaction Report (this is how the link is presented)
Recipients who click the link in the e-mail are brought to a counterfeit NACHA Web site that offers a phony "transaction report" that harbors a copy of Zeus/Zbot. This same piece of malware has been responsible for attacks on the banking accounts of dozens of businesses chronicled by Security Fix over the past few months, exploits that have cost individual companies hundreds of thousands of dollars.
Researchers at the University of Alabama, Birmingham are tracking more than 30 fake NACHA sites that are serving malicious software in connection with this attack. The school reports that only about 16 out of 41 popular anti-virus products currently detect the "transaction report" as malicious.
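With anti-virus coverage of the attachment that thin, a mail gateway can still score the lure itself. The following is an added example, not code from NACHA or Security Fix: it checks a message for the three traits described above (a NACHA display name on a non-NACHA address, an ACH-failure subject, and a link that leaves nacha.org). The sample message, its addresses and its link host are constructed placeholders, and the indicator names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT = "nacha.org"
# Subject wording from the article: unauthorized, rejected or failed ACH transaction.
SUBJECT_RE = re.compile(r"(?=.*\bACH\b)(?=.*\b(?:unauthorized|rejected|failed)\b)", re.I)

# Constructed sample message; the addresses and link host are placeholders.
SAMPLE = """From: "nacha.org" <alerts@mail.example.net>
To: john.doe@example.com
Subject: Rejected ACH transaction, please review the transaction report
Content-Type: text/html; charset=utf-8

<p>Dear bank account holder,</p>
<a href="http://nacha.org.example.net/report">Unauthorized ACH Transaction Report</a>
"""

class LinkCollector(HTMLParser):
    """Collect href targets of <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host):
    """True for nacha.org or a subdomain of it, not for look-alike prefixes."""
    host = (host or "").lower().rstrip(".")
    return host == LEGIT or host.endswith("." + LEGIT)

def score_message(raw):
    """Return the lure indicators found in one raw e-mail message."""
    msg, hits = message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    if "nacha" in display.lower() and not on_domain(addr.rpartition("@")[2]):
        hits.append("display-name-mismatch")
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("ach-failure-subject")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            links.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    for host in (urlparse(h).hostname for h in links.hrefs):
        if host and not on_domain(host):
            hits.append("off-domain-link:" + host)
    return hits
```

A message that trips all three indicators is a candidate for quarantine; any single hit on its own is weak evidence.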
November 12, 2009; 6:44 PM ET
Categories: Latest Warnings, Nastygram, Safety Tips | Tags: nacha, zeus