MADISON, Wis. (12/1/11)--A phishing expedition for personal information and aimed at direct deposit and automated clearinghouse transactions is hitting company e-mail in-boxes.
The Credit Union National Association became aware of the attempts to reel employees' personal account information when a number of employees received an e-mail entitled "Your Direct Deposit payment ID 016698606828 was declined." The e-mail purports to be from NACHA--The Electronic Payments Association.
The message is addressed to "Attn: Financial Manager" and notifies the recipients that their latest Direct Deposit via ACH transaction was rejected due to out-of-date Direct Deposit software. The message includes a different "transaction" number than the number in the subject line. The message offers a link, which seeks more information. It also adds that recipients should refer to their financial institution to obtain an updated version of the software.
CUNA employees were advised to not open the e-mail and not to provide personal account information--standard advice given by credit unions when members report phishing attempts.
NACHA has been targeted by a number of malicious phishing attempts this year. Dynamoo's Blog reported Nov. 14 on a similar phishing attempt making the rounds and related to Direct Deposit accounts. A link in that message went to an Internet address in Australia.
NACHA also was targeted by phishing e-mails in September related to ACH transactions, according to Spamwars.com (Sept. 8). Recipients were told their ACH transaction or wire transaction had been cancelled by another financial institution.