
Member Alerts

Current Alert Summary:

The Payments Authority may be the target of a new phishing scheme as we have had reports of fraudulent e-mail messages that claim to be sent by this association.

Be aware that phishing emails frequently have attachments and/or links to web pages that host malicious code and software. Do not open attachments or follow links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

Please Note:
·  The Payments Authority (TPA) does not process ACH transactions or 'touch' transactions as they flow through the payment system or during the clearing process.
·  TPA does not send communications to consumers, companies, or financial institutions about individual ACH transactions that they originate or receive.


Be on the lookout for different variations of these fraudulent e-mails.

An example of the TPA phishing email is not yet available; however, the following message is similar to those that have plagued NACHA, the Federal Reserve Bank, the IRS, and others:

= = = = = Sample E-mail = = = = = =

From: p ayments@nacha.org [mailto:p ayments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected

The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.

Please click here to view report.

Jane Smith,
Risk Manager

------------------------------------------------------------------

YOU SHOULD KNOW
·  If malicious code is detected or suspected on a computer, consult with a computer security specialist to remove malicious code or re-install a clean image of the computer system.
·  Always use anti-virus software and ensure that the virus signatures are automatically updated.
·  Ensure that security patches for the computer's operating system and common software applications are installed and current.

 

Previous Alert:

The Federal Bureau of Investigation (FBI) recently issued an alert on a new version of the Zeus Trojan called Gameover, which is distributed via spear phishing attacks that are aimed at commercial accounts and ultimately lead to account takeovers. Emails purporting to be from NACHA (The Electronic Payments Association) inform the victim organizations of a failed ACH transaction. The victim’s computer is infected with the Trojan when they click on the link contained in the email.

Alert Details:

Gameover is used to steal online banking login credentials and can defeat several forms of dual-factor authentication. Cyber thieves initiate large-dollar wire transfers from the compromised accounts. The cyber thieves employ a number of tactics in this scam, including the use of money mules and distributed denial of service (DDoS) attacks.

After the cyber thieves initiate wire transfers out of the account, they conduct a DDoS attack on the financial institution in an attempt to take down the institution’s website. The FBI believes the DDoS attack is used as a smoke-screen to deflect attention from the wire transfers.

The wires are transmitted to high-end jewelry stores, which is where the money mules come into play. The perpetrators contact the high-end jeweler with a request to purchase precious stones and high-end watches. The jewelry store is informed that payment will be made via wire transfer and that someone will come in to pick up the merchandise.

 

 

 
