The Electronic Payments Association says it has received reports that individuals and/or companies have received a fraudulent email that has the appearance of having been sent from NACHA.
The subject line of the email states: "Unauthorized ACH Transaction."
The email includes a link that redirects the individual to a fake Web page and contains a link that is almost certainly an executable virus with malware.
"Do not click on the link. The text, email, and the related website are fraudulent," NACHA warned in a statement.
NACHA said the fake emails look like this:
Sent: Thursday, July 22, 2010 8:27 AM
To: Doe, John
Subject: Unauthorized ACH Transaction
Dear bank account holder,
The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:
Security experts say consumers should be aware that phishing emails frequently have links to Web pages that host malicious code and software. Do not follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
NACHA said it does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. It also does not send communications to individuals or organizations about individual ACH transactions that they originate or receive.
If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system.
It's a good idea to always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software applications security patches are installed and current. Be alert for different variations of fraudulent emails.