Email Scam on Automated Clearing House

There’s an email doing the rounds lately, purportedly from the Electronic Payments Association. The subject is “ACH Transfer canceled” (ACH stands for Automated Clearing House). The email contains the following:

The ACH transaction (ID: 236615172054), recently initiated from your checking account (by you or any other person), was rejected by the other financial institution.

Canceled transfer
Transaction ID:  236615172054
Reason of rejection See details in the report below
Transaction Report  report_236615172054.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

2011 NACHA – The Electronic Payments Association

This is eerily similar to previous scam emails and a quick search reveals that it is indeed a scam. The NACHA, an association formed to “establish uniform operating rules for the exchange of Automated Clearing House (ACH) payments among ACH associations”, has issued an advice on this matter, reproduced here for convenience:

Fraudulent Emails Appearing to Come from NACHA (Action Requested)

Ensure that Frontline Staff Understand Sustained and Evolving Nature of Attacks

Action Requested

NACHA requests that financial institutions, billers, and payment providers ensure that their frontline staff — those who interact with customers — understand the sustained and evolving nature of these attacks. Organizations may wish to consider designating a focal point to coordinate communications and awareness internally and with customers. Kindly instruct customers to forward fraudulent emails they receive that appear to come from NACHA to abuse@nacha.org for analysis.

Background

Further to previous Members Memos and notices made available on our website since February 2011, NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators may also be exploiting email addresses recently stolen from Epsilon.

These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Caution your customers not to open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Direct them to forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid in our efforts with security experts and law enforcement officials to pursue the perpetrators.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.

Leave a Reply

Your email address will not be published. Required fields are marked *