NACHA Phishing Alert (July 22, 2010)
Email claiming to be from NACHA reported
EPCOR is sending this information on behalf of NACHA, additional information on this issue may be found at NACHA's website. Please alert any financial institution and/or company who have questions about this site and inform them that the e-mail did not originate from NACHA, the website is not that of NACHA's, and inform them to not click on the link.
The subject line of the e-mail states: "Unauthorized ACH Transaction." The e-mail includes a link that redirects the individual to a fake Web page and contains a link which is almost certainly an executable virus with malware. Do not click on the link. Both the e-mail and the related website are fraudulent.
Be aware that phishing e-mails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to:
Remove malicious code or re-install a clean image of the computer system.
Use anti-virus software and ensure that the virus signatures are automatically updated.
Ensure that the computer operating systems and common software applications security patches are installed and current.
Be alert for different variations of fraudulent e-mails.
= = = = = Sample E-mail = = = = = =
From: Information
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report
False E-mail Claiming to Be From the FDIC (July 6, 2010)
The subject line of the e-mails state, "you need to check your Bank Deposit Insurance Coverage." The e-mail tells recipients that, "You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets." The e-mail then directs recipients to click on a link stating, "You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage."This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users' computers and should not click on the link provided.The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
Criminals often use names of organizations we all know to lure users into clicking links that may infect their computer. Users should always ask themselves if an email makes sense. If not, never click links or open attachments in the email. If suspicious, contact the agency directly to verify legitimacy.
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. For more information you can visit the FDICs website.
For more, visit: http://mpx.informz.net/mpx/archives/archive_855894.html
Fraud Alert - Rejected ACH Transaction E-mails (November 2009)
Random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA – The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly executable virus with malware. See sample below.
Please know that this e-mail did not originate from NACHA, the website is not that of NACHA’s, and do not click on the link.
= = = = = Sample Scam E-mail = = = = = =
From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Unauthorized ACH Transaction Report (this is the how the link is presented)
Fraud Alert - FDIC E-mails (October 2009)
The Federal Deposit Insurance Corporation (FDIC) has become aware of emails appearing to be sent from the FDIC that are asking recipients to download and open a "personal FDIC insurance file" to check their deposit insurance coverage. These e-mails are fraudulent and were not sent by the FDIC. The FDIC is attempting to identify the source of the e-mails and disrupt the transmission.
Currently, the subject line of the fraudulent e-mails includes the wording "check your Bank Deposit Insurance Coverage." The e-mails state: "You have received this message because you are the holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets."
The e-mails ask recipients to "visit the official FDIC website" by clicking on a hyperlink provided, which appears to be related to the FDIC and directs recipients to a fraudulent website. The website includes hyperlinks that appear to open forms. However, it is believed that clicking on the hyperlinks will cause an unknown executable file to be downloaded. While the FDIC is working with the United States Computer Emergency Readiness Team (US-CERT) to determine the exact effects of the executable files, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to online banking services or to conduct identity theft. Financial institutions and consumers should NOT access the website or download the executable files provided on the website.
Fraud Alert - Mystery Shopper Scam (September 2009)
We have been informed that scam artists posing as legitimate Mystery Shopping firms are sending letters to consumers offering a job to evaluate one or more leading money wire services. The letter is accompanied by a cashier's check with the Westfield bank logo and an incorrect toll-free number. The check is for several thousand dollars and the letter contains instructions to cash the check at a local bank and then wire the cash to a designated location. The letter directs the consumer to keep several hundred dollars as payment for services received from the money wire services. The cashier's check ultimately bounces and the consumer is left liable for the funds.
Please be cautious of anything you receive that seems too good to be true. A legitimate Mystery Shopping firm will never send you a cashier's check out of the blue or require you to send money to someone you have never met. The scam artists use realistic looking documents, the 'secret' nature of the job, and the 48-hour deadline to pressure consumers into cashing the check and wiring the money quickly before the bank or the consumer can determine it was a fake check. By then, it's too late.
The FBI and FINCEN have been contacted and notified of this fraud. If you receive one of these fraudulent letters, please contact us via email at Bank@westfieldgrp.com or via phone at 800.368.8930.
Do not deposit the 'enclosed check,' as it will be returned unpaid.
