Beware: NACHA Spam Scam

NACHA manages the development, administration, and governance of the ACH (Automated Clearing House) Network, the backbone for the electronic movement of money and data.  The ACH Network provides direct consumer, business, and government payments, facilitating billions of payments annually, such as Direct Deposit and Direct Payment.  As a not-for-profit association, NACHA represents nearly 11,000 financial institutions via 17 regional payments associations and direct membership.

NACHA continues to be spoofed in sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA.  The attacks are occurring with greater frequency and increasing sophistication.  Perpetrators may also be exploiting email addresses recently stolen from Epsilon.  Remain vigilent, and do not fall prey to these scammers.

The email that I received appears in the following form:

These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient.  The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo (the above sample shows a logo placeholder) and the citation of NACHA’s physical mailing address and telephone number.  The link in my sample was obfuscated using a URL shortening service to hide its actual destination.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Do not to open attachments or follow Web links in these or other unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.  Forward suspected fraudulent emails appearing to come from NACHA to to aid in their efforts with security experts and law enforcement officials to pursue the perpetrators.

If you did click on the link or open an attachment from a similar email, malicious code is detected, or suspected on a computer, consult with a computer security or anti-virus specialist to remove the malicious code or re-install a clean image of the computer system.  To protect yourself, always use anti-virus software and ensure that the virus signatures are automatically updated frequently.  Ensure that the computer operating systems and common software application security patches are installed and current.