Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



ACH Processing Service Malware Email

Outline
Message purporting to be from the Automated Clearing House (ACH) claims that a file submitted by a user has been successfully processed and invites recipients to click a link to read more information about the large sum transactions listed.

ACH Malware

Depositphotos.com/compressor



Brief Analysis
The email is not from ACH and the transactions listed in the message are not genuine.  The link in the email opens a compromised website that harbours information-stealing malware.
 

Bookmark and Share
Example
ACH file ID "111.890" has been done with errors

ACH Processing Service

SUCCESS Information
We have successfully processed ACH file 'ACH2013-03-20-7.txt' (id '111.890') submitted by user *********' on '2013-03-20 2:47:64.0'.

FILE SUMMARY:

Item count: 32
Total debits: $6,268.00
Total credits: $6,268.00
For more info visit this link



ACH Processing Service Malware

Detailed Analysis
This email, which purports to be from the Processing Service at America's Automated Clearing House (ACH), claims that a file submitted by a user has been successfully processed. The message includes a summary of the file that lists large sums of money as total debits and credits. Users are invited to follow a link to find out more information about the processed file and transactions.


However, the message is not from ACH and the information about a supposed file is nothing more than the bait used to entice recipients into clicking the link. In fact, the message is an attempt to trick users into infecting their computers with malware. 

The criminals responsible for this attack hope that at least some recipients, panicked by the large sums of money mentioned in the bogus email, will click the link without due forethought.

Those who do click the link will be taken to one of several websites that harbour malware. Once downloaded, such malware can typically make connections with remote servers controlled by criminals, download and install further malware components and harvest personal and financial information from the infected computer.

Scammers have targeted the ACH and the entity's managing body NACHA for several years. Some have been malware attacks such as this one. Others have been phishing scams intent on tricking people into divulging their personal and financial information. The ACH is an official funds transfer system that processes large volumes of credit and debit transactions in the United States and this makes it an attractive target for scammers.

Neither ACH nor NACHA will ever send you an unsolicited email that asks you to open an attachment or follow a link and supply personal information. If you receive an email that claims to be from the ACH or NACHA, do not open any attachments that it may contain. Do not follow any links in the email. Do not reply to the email or supply any information to the senders. 



Bookmark and Share


Last updated: March 22, 2013
First published: March 22, 2013
By Brett M. Christensen
About Hoax-Slayer

References
ACH Payment Canceled Malware Email