• About SpiritBank  |  
• Contact Us  |  
• Help & Support

• Find a Branch/ATM
• Search this site

New NACHA Payment Phishing Campaign

There is a new NACHA (The Electronic Payments Association) themed email spam campaign being waged against individuals and businesses (similar to the one from February 2011).

The bogus email appears to be sent from someone at NACHA and the email address has been spoofed to read risk@nacha.org.  The message notifies recipients that their recently sent transaction sent from their banking account was cancelled by The Electronic Payments Association and the individual or business target needs to click on the link to view the report. 

The sample email is below:

From:risk@nacha.org [risk @ nacha.org]
Sent: Wednesday, March 31, 2011 7:32 AM
To: Doe, John
Subject: ACH payment rejected

The ACH transaction (ID: 011057709972), recently sent from your banking account (by you or any other person), was cancelled by the Electronic Payments Association.

Please click here to view report.

If you have any questions or comments, contact us at info @ nacha.org.  Thank you for using http://www.nacha.org.

DO NOT click on the link in the email.  In this case, the email is identified as fraudulent because:

1) NACHA does not process nor touch the ACH transactions that flow to or from organizations and financial institutions.
2) NACHA does not send communications to persons or organizations about individual transactions that they originate or receive.

Be aware the phishing emails frequently have attachments and / or links to Web pages that host malicious code and software. 

Here are some safety reminders:

• Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.
• If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to get the malicious code removed.
• Always use anti-virus software and ensure that the virus signatures are automatically updated.
• Ensure that the computer operating systems and common software application security patches are installed and current.
• Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC) at www.fdic.gov.

To check on your transaction – call your financial institution instead of clicking on the link that leads to a malicious web page.

If you think you have been a victim of the scam, call your financial institution and file a complaint with the FBI’s Internet Crime Complaint Center: http://www.ic3.gov/complaint/default.aspx .

We at SpiritBank want to keep you informed about anything affecting the security of your private information or your finances.