Fraudulent Emails Appearing to Come from NACHA
(Updated September 2, 2011)
Recent Examples Purporting to Come from Actual NACHA Employees and/or Departments
We would like to instruct customers to forward fraudulent emails they receive that appear to come from NACHA to firstname.lastname@example.org for analysis.
Additional information and guidance for consumers and businesses on phishing and email scams are available from the Federal Trade Commission Federal Deposit Insurance Corporation (FDIC):
Further to previous notices since February 2011, NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators are sending these fraudulent messages to email addresses globally.
These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The source addresses and contents of these fraudulent emails vary — with more recent examples purporting to come from actual NACHA employees and/or departments — and often including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Caution your customers not to open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Direct them to forward suspected fraudulent emails appearing to come from NACHA to email@example.com to aid in our efforts with security experts and law enforcement officials to pursue the perpetrators.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.
Find resources provided by the FDIC to educate and protect consumers, revitalize communities, and promote compliance with the Community Reinvestment Act and fair lending laws.
For more information and to access the FDIC’s consumer alerts, click here:
Special Alert: Fraud and Identity Theft
Fraud and identify theft continue to be of concern to everyone. You can be the best line of defense against fraud and identity theft, and you can find additional information on the matter at Identity Theft. This is the US government’s central Web site for information about identity theft.
Special Alert: Fraudulent Anti-Terrorist Stop Order Letters
These letters are being sent to bank customers. Copies of these ANTI-TERRORIST letters have been received by FinCEN that notify consumers that mandatory fees, in amounts of approximately $25,000, are required for the issuance of a ANTI-TERRORIST CERTIFICATE before transactions may continue to be conducted.
These letters were NOT sent by FinCEN and represent a fraudulent attempt to elicit funds from customers. Please see FinCEN’s Website to see an example of one of these letters. Consumers should NOT provide any information nor send any funds, to any address as indicated in these letters. Further, consumers should NOT follow any instructions contained in these letters to access their accounts on-line.
Further, there are instances in which other letters are being circulated which claim that FinCEN is freezing assets and endorsing investment schemes. FinCEN does NOT have authority to freeze assets and does NOT endorse investment schemes.
FinCEN is working closely with law enforcement agencies to identify the source of these letters and disrupt these scams. Until this is accomplished, if consumers receive any letters such as these (Samples – hyperlink), or experience any similar attempts to obtain account information or funds, they are requested to notify FinCEN at firstname.lastname@example.org.