Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Security firm WebRoot is warning of a new phishing attack that is targeting users of Nacha, the not-for-profit organisation that runs the Automatic Clearing House network.
WebRoot said the firm, which is used by more than 15,000 banks and handled about 18 billion electronic transfers last year alone, has become the target of miscreants trying to spoof its domains and con email users out of their bank account details.
Andrew Brandt, writing on the WebRoot blog, said, "When the world’s largest clearing house for transfers of funds between banks supposedly sends you an email like this one, you probably would perk up and pay attention."
He added: "The email’s dire warning reads, 'The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association'. It’s a scam. The intended reaction: the victims panic, click the link, and are sucked into the scam. Please don’t let this happen to you."
Brandt said anyone who clicks on the link is taken to a web site hosting a phishing trojan, which once downloaded will hide itself and steal login details. On top of this – and this is where Brandt said things got interesting – the user is redirected through a number of drive-by web sites that also try to install an infection on the computer.
Brandt urged users to keep their wits about them. "If you remain vigilant and treat unexpected emails from unfamiliar entities, that supposedly alert you to financial transactions, with suspicion, you can easily avoid dirty tricks like this one," he said.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.