Phishing Scam Attacks Payment Transfer Organization NACHA
A fresh malicious e-mail campaign is reportedly aiming attack against a financial transfer system that transacts trillions of dollars every year. The campaign has proved extremely lucrative target for online fraudsters, as reported by PCWorld dated November 13, 2009.
Apparently, the spam mails pose as communications from the NACHA (National Automated Clearing House Association) an association in the US that runs on a no-profit-no-loss basis and supervise the ACH (Automated Clearing House).
The e-mails contain a web-link that craftily leads users to a phony NACHA page, which in turn shows a link leading to a "transaction report" but in the form of an .exe file, a clue that suggests it could be fraudulent. Nevertheless, the .exe archive is made to appear genuine as its creators stating that it's certain PDF archive which unfolds itself automatically.
The executable archive is certainly Trojan Zbot and the campaign being one among the lot of scams, which security researchers have lately said targeted MySpace, Fecebook, Microsoft Updates, IRS and more.
Once run, the executable would load Zbot also called Zeus, a malware that steals banking credentials and digs out the validation particulars necessary for carrying out an ACH transaction, reports M86 Security.
The campaign is significant because it is extensively popular. Any person who has conducted any form of electronic payment might be inquisitive of this e-mail, unlike a standard e-mail phishing scam that attacks a bank or financial institution. Clearly, the NACHA scam designers are seeking an opportunity of the highest order to reap money in case they are able to load the Zbot on their victim(s)' computer.
Furthermore, the domain names that the scammers have used contain random characters ending with nacha.org. However, although there isn't any direct participation by the NACHA in the payment process, yet the fraudsters have unleashed an e-mail campaign that spoofs the Association stating that it is not possible to approve a particular ACH payment.
Meanwhile, the NACHA has alerted through its website that it doesn't e-mail to any person or organization regarding any ACH transaction, which the Association receives or initiates.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 24-11-2009