Not-for-profit financial organization NACHA, which oversees an electronic payment system called the Automated Clearing House (ACH) Network, has issued an immediate release today in response to a surge in spam e-mails part of a phishing attack.
The release, posted to the official NACHA Web site, reads:
Random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA - The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly executable virus with malware.
Here is a sample e-mail:
From: nacha.org [mailto:firstname.lastname@example.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report LINK
NACHA urges consumers to ignore these e-mails and not to click the link, which it says is likely associated with a virus.