Issue 151 - April, 2013 (1st Edition) - Page 12
ACH Processing Service Malware Email
Message purporting to be from the Automated Clearing House (ACH) claims that a file submitted by a user has been successfully processed and invites recipients to click a link to read more information about the large sum transactions listed.
The email is not from ACH and the transactions listed in the message are not genuine. The link in the email opens a compromised website that harbours information-stealing malware.
ACH file ID "111.890" has been done with errors
ACH Processing Service
We have successfully processed ACH file 'ACH2013-03-20-7.txt' (id '111.890') submitted by user *********' on '2013-03-20 2:47:64.0'.
Item count: 32
Total debits: $6,268.00
Total credits: $6,268.00
For more info visit this link
This email, which purports to be from the Processing Service at America's Automated Clearing House (ACH), claims that a file submitted by a user has been successfully processed. The message includes a summary of the file that lists large sums of money as total debits and credits. Users are invited to follow a link to find out more information about the processed file and transactions.
However, the message is not from ACH and the information about a supposed file is nothing more than the bait used to entice recipients into clicking the link. In fact, the message is an attempt to trick users into infecting their computers with malware.
The criminals responsible for this attack hope that at least some recipients, panicked by the large sums of money mentioned in the bogus email, will click the link without due forethought.
Those who do click the link will be taken to one of several websites that harbour malware. Once downloaded, such malware can typically make connections with remote servers controlled by criminals, download and install further malware components and harvest personal and financial information from the infected computer.
Scammers have targeted the ACH and the entity's managing body NACHA for several years. Some have been malware attacks such as this one. Others have been phishing scams intent on tricking people into divulging their personal and financial information. The ACH is an official funds transfer system that processes large volumes of credit and debit transactions in the United States and this makes it an attractive target for scammers.
Neither ACH nor NACHA will ever send you an unsolicited email that asks you to open an attachment or follow a link and supply personal information. If you receive an email that claims to be from the ACH or NACHA, do not open any attachments that it may contain. Do not follow any links in the email. Do not reply to the email or supply any information to the senders.
Last updated: March 22, 2013
First published: March 22, 2013
By Brett M. Christensen
Pages in this issue:
- Viral Facebook Message Falsely Claims that a Pictured Man is Posing as an RSPCA Officer and Stealing Dogs
- 'Bad Brit' - Nigel Farage and the Tory Party's Worst Nightmare
- Digital Pad ATM Skimming Device Warning
- UK National Lottery Scams
- Gun Owner Vehicle Tagging Hoax
- Carol's Story - Dating Scam
- Message Calls For Boycott of Starbucks For Its 'Attack on Traditional Marriage'
- Ransomware Warning
- Use Left Ear For Mobile Phone Hoax
- Bogus Warning - White Transit Van 'RH57 WSU' Trying To Steal Dogs
- Urban Legend - Couple Arrested at Airport with Dead Baby Stuffed With Drugs
- ACH Processing Service Malware Email
- Baby With Bong Protest Message
- Linda Singh - Blackberry Money for Forwarding Hoax
- Hoax - 'Punjab Rape Festival'
- Beware - 'Unsealed' Product Giveaways on Facebook
- DHL Notification Malware Email
- Fake CNN Emails About Pope Point to Malware
- Angolan Witch Spider - Giant Spider Hoax
- Bogus Health Warning - Scratch Card 'Silver Nitro Oxide' Coating Causes Skin Cancer
- March 2013 - Five Fridays, Five Saturdays, Five Sundays
- Australian Tax Refund Scam Email
- 'Confidential Document' Google Docs Phishing Scam