Cyber thieves have begun blasting out millions of e-mails impersonating NACHA - The Electronic Payments Association, a not-for-profit group that develops operating rules for organizations that handle electronic payments, from payroll direct deposits to online bill pay services.
The missives in this latest scam arrive with various subject lines, but all complain about an unauthorized, rejected or failed ACH transaction. Most regular Internet users will probably ignore this message, as few people even know what ACH stands for (ACH, or "automated clearing house," refers to the electronic network used by banks to process credit and debit transactions in batches). That's likely just fine with the attackers, who appear to be targeting bookkeepers at small to mid-sized companies - people who actually recognize what a failed or rejected ACH transaction can mean for their business's bottom line and reputation.
According to an alert at the real NACHA Web site, the bogus messages look something like this:
From: nacha.org [mailto:firstname.lastname@example.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below.
Unauthorized ACH Transaction Report (this is how the link is presented)
Recipients who click the link in the e-mail are brought to a counterfeit NACHA Web site that offers a phony "transaction report" that harbors a copy of Zeus/Zbot. This same piece of malware has been responsible for attacks on the banking accounts of dozens of businesses chronicled by Security Fix over the past few months, exploits that have cost individual companies hundreds of thousands of dollars.
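The lure above has three properties a mail filter can key on: a display name that claims to be nacha.org while the actual sender address sits on some other domain, a subject built around a rejected, failed or unauthorized ACH transaction, and a "transaction report" link that leads off the real NACHA domain to a downloadable executable. The following triage script is an added example written for this post, not code from NACHA or from Security Fix; the sample message it parses is constructed here to mirror the quoted lure, and the sender address and link host in it are invented placeholders rather than real indicators from the campaign.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the lure quoted in the post. The sender
# address and the link target are invented placeholders (.invalid TLD),
# not indicators observed in the real campaign.
SAMPLE_MESSAGE = """\
From: nacha.org <ach-notice@mail-example.invalid>
To: Doe, John <john.doe@example.com>
Subject: Rejected ACH transaction, please review the transaction report
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear bank account holder,</p>
<p>The ACH transaction, recently initiated from your bank account, was
rejected by the Electronic Payments Association. Please review the
transaction report by clicking the link below.</p>
<p><a href="http://report-download.invalid/transaction_report.exe">Unauthorized ACH Transaction Report</a></p>
</body></html>
"""

# Domains that may legitimately send NACHA correspondence (assumption for
# this example; a real deployment would maintain this list centrally).
LEGITIMATE_DOMAINS = {"nacha.org"}

# Subject pattern: an ACH keyword combined with rejected/failed/unauthorized.
ACH_SUBJECT = re.compile(
    r"\b(unauthorized|rejected|failed)\b.*\bACH\b|\bACH\b.*\b(unauthorized|rejected|failed)\b",
    re.I,
)
# Display names that claim to be NACHA or its formal name.
IMPERSONATION = re.compile(r"nacha|electronic payments association", re.I)
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".zip")


class LinkCollector(HTMLParser):
    """Collects (href, visible link text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage_message(raw: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means no lure traits matched."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name says NACHA, but the address is on an unrelated domain.
    display, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if IMPERSONATION.search(display) and sender_domain not in LEGITIMATE_DOMAINS:
        findings.append(f"display name impersonates NACHA but sender domain is {sender_domain}")

    # 2. Subject line follows the rejected/failed/unauthorized ACH template.
    if ACH_SUBJECT.search(str(msg["Subject"] or "")):
        findings.append("subject matches rejected/failed/unauthorized ACH lure")

    # 3. A "report" link in the HTML body leaves the legitimate domain, or
    #    points straight at an executable.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            parsed = urlparse(href)
            host = (parsed.hostname or "").lower()
            if "report" in text.lower() and host not in LEGITIMATE_DOMAINS:
                findings.append(f"'report' link points off-domain to {host}")
            if parsed.path.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append(f"link delivers an executable: {href}")
    return findings


if __name__ == "__main__":
    for finding in triage_message(SAMPLE_MESSAGE):
        print("FLAG:", finding)
```

Each check is deliberately independent, so a message that trips only one of them (for instance a genuine ACH return notice from a bank) scores low, while the quoted lure trips all of them and is a strong candidate for quarantine and for alerting the bookkeeping staff the attackers are aiming at.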