Fraud Alerts

Fraud Alert: NACHA is being targeted by the Jabber/Zeus Trojan

Random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA - The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which almost certainly leads to a Jabber/Zeus malware download. Information about Jabber/Zeus Trojan can be found at ISAC Advisories 2009-10-009, 2009-06-036 and 2009-06-012.

= = = = = Sample E-mail = = = = = =
From: nacha.org [mailto:report@nacha.org] Sent: Thursday, November 12, 2009 10:25 AM To: Doe, John Subject: Rejected ACH transaction, please review the transaction report

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report (this is how the link is presented)
Sanitized link:

hxxp://nacha[DOT]org[DOT]fffazsa[DOT]org[DOT]uk/ACHNetwork/Unauthorized/report[DOT]php?transaction_id=3D00149589098593&reference=3D822741659237684356904818198557124583214180193361899444733=20
= = = = = End of Sample E-mail = = = = = =

Financial institutions and/or companies should be aware that the e-mail did not originate from NACHA, nor the website belongs to NACHA.

NACHA is aware of the phishing attack and has an article on their home page at www.nacha.org.

What you can do to portect yourself:

  • Do NOT click on this ink
  • Do NOT trust unsolicited email
  • Do not reveal personal or financial information over the internet, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Be suspicious of unsolicited email messages from individuals asking about employees, or soliciting sensitive client or confidential company information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. Ask for a reference number and advise the caller that you will contact them at their publicly identified call center number.
  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including security officers.
  • Review antivirus software specific removal guidelines for the malware.
  • Keep systems up-to-date with the latest patches and anti-virus signatures.
  • Implement URL filtering.
  • Employ the use of a spam filter.
  • Create a security-aware culture. This requires the commitment of the executive staff, the involvement of all employees, and effective security policies and procedures for everyone tied to the organization, and a broad awareness and training program.
  • Consider reporting the attack to law enforcement, or file a suspicious activity report if conditions warrant reporting.

Contact: