Phishing Scheme Targets E-Payment Rule-Maker, NACHA


Coming on the heels of similar fraud schemes that targeted victims using the names of such familiar institutions as the FDIC, IRS, and HMRC, scammers are trying to get people to infect their own computer using a different organization’s name—one that is probably unfamiliar to most people. NACHA is a not-for-profit association that “oversees the Automated Clearing House (ACH) Network, a safe, efficient, green, and high-quality payment system.” In other words, they write the rules for the organizations that run the pipes through which money flows between banks and businesses–the circulatory system of the financial world.

In fact, more than 15,000 banks passed 18 billion electronic transactions through the ACH in 2008 alone. ACH is a linchpin in the world’s financial system. But as a rule-making body, NACHA also typically acts behind the scenes, which is why most people who don’t work in the financial services industry probably have never heard of them.

That said, when the world’s largest clearinghouse for transfers of funds between banks supposedly sends you an email like this one, you probably would perk up and pay attention:


The email’s dire warning: “The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association.”

But it’s a scam, as you probably already guessed.

The intended reaction: The victims panic, click the link, and are sucked into the scam. Please don’t let this happen to you.

Like the scams that employ the names of the IRS, HMRC, and FDIC — and related scams featuring Facebook and MySpace “update” utilities — the NACHA phishing scheme is a coordinated attack. It begins with a spam message containing an embedded link, which leads victims to one of dozens of websites that host a phishing Trojan and are designed to look like NACHA’s corporate website.


The page, headed “Unauthorized ACH Transaction Report,” implores you to download a file that allegedly details the nature of this “transaction” but — if you’re a regular reader of the blog, you can guess what happens next. The Trojan-Backdoor-Zbot phishing Trojan, once installed, is a keen thief of login credentials.


At the same time, the scammers are continuing to drive the hackneyed, mirror-image IRS fraud on bald tires, but the latest iteration of this scam includes a new twist: Once you’ve downloaded the tax-themed Zbot installer, the fake IRS download page redirects you through a series of drive-by Web sites that, eventually, attempt to push an infection we call Worm-Echo onto the victim’s computer.

Users of our product can easily remove both Zbot and Worm-Echo from an infected computer, but in the end, isn’t it better not to become a victim in the first place? It looks like cybercriminals are trying to make this a banner holiday season for phishing scams. But if you remain vigilant and treat with suspicion any unexpected email from an unfamiliar entity that supposedly alerts you to financial transactions, you can easily avoid dirty tricks like this one.
