Print this Page

Fraud Prevention


<< Back to Fraud Prevention Home

Fraudulent Emails Appearing to Come from NACHA (Action Requested)

Further to previous notices since February 2011, NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators are sending these fraudulent messages to email addresses globally.
 
These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The source addresses and contents of these fraudulent emails vary — with more recent examples purporting to come from actual NACHA employees and/or departments — and often including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
 
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
 
DO NOT open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Please forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid in their efforts with security experts and law enforcement officials to pursue the perpetrators.
 
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.
Additional information and guidance for consumers and businesses on phishing and email scams are available from the Federal Trade Commission Federal Deposit Insurance Corporation (FDIC):
 
http://www.onguardonline.gov/topics/email-scams.aspx
 
http://www.fdic.gov/consumers/consumer/alerts/phishing.html



NACHA Phishing Alert Email Claiming to be from NACHA

NACHA – The Electronic Payments Association has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA and signed by a non-existent NACHA employee. Specifically, this email claims to be from the “Electronic Payments Association” and appears to be coming from the email address "payments@nacha.org.” See a sample of the email below.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.

If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.

Always use anti-virus software and ensure that the virus signatures are automatically updated.

Ensure that the computer operating systems and common software applications security patches are installed and current.

Be alert for different variations of fraudulent emails.

= = = = = Sample Email = = = = = =

From:payments@nacha.org [mailto:payments@nacha.org]

Sent: Tuesday, February 22, 2011 7:32 AM

To: Doe, John

Subject: ACH transaction rejected

The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.

Please click here to view report
------------------------------------------------------------------


EFTPS Emails

Emails claiming to be from EFTPS are on the rise. Security researchers warn that a ZeuS distribution campaign producing emails about failed electronic tax payments has significantly increased.

Event Characteristics:
The user will receive an email where the "from" field is spoofed to appear as if it is originating from "EFTPS Tax Payment," and the email tells users that their tax payment submitted through the Electronic Federal Tax Payment System (EFTPS) has failed. The message claims the payment failed with an R21 return reason code, and provides a link to obtain additional information.

Be alert for different variations of this fraudulent email.

Member impact:
The malware installed as a result of clicking on the link is commonly used by fraudsters to steal online banking credentials, credit card details, and other sensitive information.

The Credit Union will be receiving updates relating to this matter and, will relay any information as it becomes available.
 

Apple iTunes Fraud

FISERV risk office has identified a recent fraud trend involving a significant increase in reported financial fraud occurring at a legitimate eCommerce merchant, Apple iTunes.

Event Characteristics:   
This fraud event is characterized by “multiple authorization attempts at the legitimate Apple iTunes eCommerce merchant website”.  Transactions typically occur within a 24-hour time frame for amounts over $19.00.

Member impact:
Be aware, legitimate transactions at the Apple iTunes Store in excess of $19.00 may be declined.  We apologize for any inconvenience this may cause as it is our goal to provide protection and solutions to improve your financial life.  

The Credit Union will be receiving updates relating to this matter and, will relay any information as it becomes available.


Text Message Phishing Scam

The LSCU(League of Southeastern Credit Unions) has just learned about a scam currently being executed utilizing LSCU.coop as the originator. The scam is in the form of a text from LSCU.coop, indicating the recipient should call 866.510.8703. The text states: "accountalert@lscu.coop (SCU) Southeastern Credit Unions Security Notice. For more details, please contact our secure phone line at 866.510.8703. Thank you." The LSCU and its servers are NOT sending out these messages. A third party is attempting to collect account info by people calling this number. Members should NOT key in any information if text message is received.

If you are unsure that a phone call, email or website link is coming from Insight Credit Union, you may contact us to confirm that the request or the information is legitimate.

Fraud prevention is an important factor to consider as technology becomes more involved in our daily routines. Insight Credit Union will NEVER contact you via email or phone to conduct an account update or to request your account password or other personal information. If you are unsure that a phone call, email or website link is coming from Insight Credit Union, you may contact us to confirm that the request or the information is legitimate. If you think you might have received a fraudulent request for personal information, call Insight Credit Union at 407.426.6000 or toll-free 888.843.8328. If you have received a questionable e-mail or have visited a website you believe may be phony, or know you've been the victim of a scam, please report it immediately to Insight Credit Union at alert@insightcreditunion.com.


Fraudulent Text Messages

Individuals are receiving a text message for Alarion Bank stating their card has been involved in ATM Fraud and to contact them now’; the text message provides the following number 803-693-9620.  Please DO NOT respond to this text message.  If you have responded to this text message and/or a similar text message please contact our Member Support Center at 407-426-6000.

Please be aware that members of various Central Florida credit unions have been receiving fraudulent text messages on their cell phones. The text message will say something like "Your credit union account has been closed due to unusual activity. Call us at XXX-XXX-XXXX." Upon calling the number, members will be asked for their personal account information.

Just as a reminder, DO NOT provide your personal or account information to anyone. If you have any questions about your account, please contact us at 407.426.6000 or toll-free 888.843.8328.

Our Services