Phishing Emails Not From NACHA
NACHA - The Electronic Payments Association - has issued an advisory to all financial institutions and their customers about phishing emails designed to appear as if they were sent from NACHA, warning users about failed ACH transactions. The email includes a link that, if clicked, redirects the individual to a fake web page that appears to be a NACHA website and contains a link that almost certainly leads to a Jabber/Zeus malware download.
This phishing attempt is not targeted specifically at any single financial institution. It is being sent broadly across the Internet.
NACHA is aware of the phishing attack.
Learn to Recognize Fraudulent Emails
Fraudulent emails (phishing) and websites can be very sophisticated, and may look identical to NACHA emails and websites. Fraudsters can even tamper with the sender information in an email to make it appear even more legitimate. Although fraudsters use various tactics in their phishing attacks, there are common elements with which you should familiarize yourself.
- Authenticate Email Address: Email addresses can be spoofed. The email channel inherently relies on the recipient to verify that a message really comes from the party it claims to be from, i.e. that an email claiming to be from nacha.org was actually sent from our association's publicly registered and authorized IP address and mail server. Some Internet Service Providers (ISPs) and spam filters apply stronger authentication than others to validate that an email originated from the authentic IP address and domain name server.
- Typos: Deliberate misspellings are not a sign that fraudsters don't know how to spell; they are used so that phishing emails won't be blocked by email filters.
- Awkward Greeting: A phishing email may not refer to the recipient by name, or may use a nonsensical greeting such as “Client(s)”. If you have any doubts about the authenticity of an email, do not respond; instead, call the sender or type the web address into your browser yourself.
- Sense of Urgency: An urgent need to communicate with you for your own security, or a request to verify payment information immediately; compelling language that urges the recipient to take action.
- Random Generation of Numbers: A phishing email may contain a random sequence of numbers, such as “ACH Payment #38350555 canceled”, inserted into the subject line or text of the email to make it appear to be a specific transaction ID or payment amount. The same random number can also be inserted into the file name of the pdf.exe or pdf.zip file, creating a sense of uniqueness and legitimacy.
- Incorrect Grammar: Another tactic used to bypass email filters. In this phishing example, note the sentence "Detailed report on initiated transactions are reason..”
- Strange or Unfamiliar Links: The links may look official, but when the mouse cursor hovers over the link, the link's actual target points to a completely different website, which may deliver malware disguised as a PDF executable (pdf.exe) or a PDF zip archive (pdf.zip). Never open attachments, click on links, or respond to emails from suspicious or unknown senders.
- Fraudulent Use of Legitimate Business Logo, Website, Address, Phone: Fraudsters often insert actual identification references to a business into their phishing emails to make them appear legitimate.
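The indicators above can be checked mechanically before a message reaches a user. The script below is an added example written for this page (it is not NACHA's code and NACHA publishes no such tool). It builds two constructed sample messages, one mimicking the phishing email described in the advisory and one benign, and runs a small set of heuristic checks over them: sender domain versus Return-Path domain (the "authenticate email address" point), a random transaction number in the subject, a generic greeting, urgency wording, link text that names a different host than the link actually points to, and a double-extension attachment such as pdf.exe. All sample addresses, hosts and file names are constructed for the example; the finding names are assumptions chosen for this script.

```python
"""Heuristic checks for the phishing indicators listed in the NACHA advisory.

Added example (not NACHA's code). It works on a raw RFC 822 message; the two
sample messages produced by build_sample() are constructed for this example.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Patterns for the indicators named in the advisory (assumed word lists).
URGENCY_WORDS = re.compile(r"\b(immediately|urgent|urgently|within 24 hours|suspended)\b", re.I)
GENERIC_GREETING = re.compile(r"\bdear\s+(?:client\(s\)|clients?|customer|user|member)(?!\w)", re.I)
RANDOM_ID = re.compile(r"#\s?\d{6,}")                       # e.g. "ACH Payment #38350555"
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx)\.(exe|scr|zip|js|com)$", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(header_value) -> str:
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def _host(s: str) -> str:
    """Host named by a URL or bare domain; '' for plain words such as 'Click here'."""
    s = s.strip()
    if not s:
        return ""
    if "://" not in s:
        if not re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", s, re.I):
            return ""
        s = "http://" + s
    host = (urlparse(s).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def analyze(raw: bytes) -> list:
    """Return the sorted list of indicator names triggered by a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = set()

    # Envelope sender domain should agree with the visible From domain.
    from_dom, rp_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.add("sender_domain_mismatch")

    if RANDOM_ID.search(str(msg["Subject"] or "")):
        findings.add("random_transaction_id")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if URGENCY_WORDS.search(text):
        findings.add("urgency_language")
    if GENERIC_GREETING.search(text):
        findings.add("generic_greeting")

    # Link text that names one host while the href points at another.
    collector = _LinkCollector()
    collector.feed(text)
    for href, visible in collector.links:
        shown = _host(visible)
        if shown and shown != _host(href):
            findings.add("link_text_host_mismatch")

    for part in msg.iter_attachments():
        if DOUBLE_EXT.search(part.get_filename() or ""):
            findings.add("double_extension_attachment")
    return sorted(findings)


def build_sample(phishing: bool) -> bytes:
    """Construct a sample message; phishing=True mimics the advisory's indicators."""
    msg = EmailMessage()
    msg["From"] = "NACHA <alerts@nacha.org>"          # spoofed display sender in both cases
    if phishing:
        msg["Return-Path"] = "<bounce@mail-relay.example>"   # constructed, unrelated relay
        msg["Subject"] = "ACH Payment #38350555 canceled"
        html = ("<html><body><p>Dear Client(s),</p>"
                "<p>Detailed report on initiated transactions are reason.. "
                "Please review immediately.</p>"
                '<p><a href="http://download.example/report.pdf.exe">'
                "http://www.nacha.org/ach/report</a></p></body></html>")
    else:
        msg["Return-Path"] = "<bounce@nacha.org>"
        msg["Subject"] = "Operating Rules update"
        html = ('<html><body><p>Dear Ms. Example,</p><p>The update is posted at '
                '<a href="https://www.nacha.org/rules">Read the update</a>.</p></body></html>')
    msg.set_content("See the HTML version.")
    msg.add_alternative(html, subtype="html")
    if phishing:
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename="report_38350555.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    print("phishing sample:", analyze(build_sample(True)))
    print("benign sample:  ", analyze(build_sample(False)))
```

The checks are intentionally simple string and header heuristics, so they complement rather than replace SPF/DKIM/DMARC validation at the mail gateway; any single finding is a reason to hold the message for review, and the phishing sample here trips all six.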