Phishing attack targets financial clearing house

Security firm WebRoot is warning of a new phishing attack that is targeting users of Nacha, the not-for-profit organisation that runs the Automatic Clearing House network.

WebRoot said the firm, which is used by more than 15,000 banks and handled about 18 billion electronic transfers last year alone, has become the target of miscreants trying to spoof its domains and con email users out of their bank account details.

Andrew Brandt, writing on the WebRoot blog, said, "When the world’s largest clearing house for transfers of funds between banks supposedly sends you an email like this one, you probably would perk up and pay attention."

He added: "The email’s dire warning reads, 'The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association'. It’s a scam. The intended reaction: the victims panic, click the link, and are sucked into the scam. Please don’t let this happen to you."

Brandt said anyone who clicks on the link is taken to a web site hosting a phishing trojan, which once downloaded will hide itself and steal login details. On top of this – and this is where Brandt said things got interesting – the user is redirected through a number of drive-by web sites that also try to install an infection on the computer.

Brandt urged users to keep their wits about them. "If you remain vigilant and treat unexpected emails from unfamiliar entities, that supposedly alert you to financial transactions, with suspicion, you can easily avoid dirty tricks like this one," he said.