February 25th, 2011, 13:59 GMT · By

Fake ACH Transfer Failure Notifications Spread ZeuS

[Image caption: ZeuS distributors use failed ACH transfer lure]
A new wave of spam emails is targeting business users and attempting to infect them with a variant of the ZeuS banking trojan by posing as ACH transfer failure notifications.

According to researchers from antivirus vendor Trend Micro who analyzed the campaign, the emails purport to come from NACHA – The Electronic Payments Association, the regulatory agency for the Automated Clearing House (ACH) network.

The ACH network is commonly used by companies to process large volumes of credit and debit transactions, such as payroll or vendor payments, in batches.

According to Gary Warner, director of research in Computer Forensics at the University of Alabama at Birmingham (UAB), the emails have subjects like "ACH transaction cancelled", "ACH Transfer rejected", "Your ACH transaction" and other such variations.

The body message is always the same and reads: "The ACH transaction , recently initiated from your bank account (by you or any other person), was rejected by the Electronic Payments Association. Please click here to view details."

The link takes recipients to a website pushing a fake Java update that is actually a variant of the infamous ZeuS (Zbot) information stealing trojan.

One of the more interesting aspects of this attack is the large number of domains with ACH in their name registered particularly for this spam run.

At the moment, malware distributors generally prefer to use compromised legitimate websites, because they are cheaper and easier to replace once the attackers lose control over them.

Registering so many domains for a single campaign is somewhat excessive and suggests that the people behind this attack do not lack financial resources, and that the return on investment they expect justifies the cost.

Another trick used by these spammers is forging the headers to make it appear as if the emails originate from thousands of IP addresses, when in fact they come from just a few. There are also clear indications that they are being sent from compromised Gmail accounts.
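As an added defender-side example (not code from the article, Trend Micro or NACHA), the following Python triage function flags a message that matches the lure described above: the ACH subject lines, the "(by you or any other person)" body text, double-extension attachments of the kind readers pasted in the comments, and NACHA branding paired with a sender or link outside nacha.org. The nacha.org allowlist and the sample message are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse
# Lure fingerprints taken from the article's description and readers' pasted samples.
SUBJECT_RE = re.compile(r"\bACH\b.*\b(transaction|transfer|payment)\b", re.I)
BODY_RE = re.compile(r"\bACH (transaction|transfer|payment)\b.{0,80}?"
                     r"\bby you or any other person\b", re.I | re.S)
CLAIMS_NACHA_RE = re.compile(r"NACHA|Electronic Payments? Association", re.I)
DOUBLE_EXT_RE = re.compile(r"\.(pdf|doc|docx|xls|txt)\.(exe|scr|com|bat|pif)$", re.I)  # report.pdf.exe
LEGIT_DOMAIN = "nacha.org"  # assumption: the only domain the real association mails from

@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)
    links: list = field(default_factory=list)  # real hrefs, not the visible link text

def is_legit_host(host):
    h = host.lower()
    return h == LEGIT_DOMAIN or h.endswith("." + LEGIT_DOMAIN)

def score_ach_lure(msg):
    """Return the reasons a message matches the fake ACH notification; [] means no match."""
    reasons = []
    if SUBJECT_RE.search(msg.subject):
        reasons.append("subject mentions an ACH transaction/transfer")
    if BODY_RE.search(msg.body):
        reasons.append("body uses the '(by you or any other person)' boilerplate")
    for name in msg.attachments:
        if DOUBLE_EXT_RE.search(name):
            reasons.append(f"attachment {name} hides an executable behind a document extension")
    if CLAIMS_NACHA_RE.search(msg.body):  # NACHA branding must come with NACHA infrastructure
        sender_host = msg.sender.rsplit("@", 1)[-1]
        if not is_legit_host(sender_host):
            reasons.append(f"claims to be NACHA but was sent from {sender_host}")
        for url in msg.links:
            host = urlparse(url).hostname or ""
            if not is_legit_host(host):
                reasons.append(f"claims to be NACHA but links to {host}")
    return reasons

# Constructed sample modelled on the wording quoted in the article; ID and hosts are made up.
SAMPLE = Email(
    sender="alerts@ach-notice.example", subject="ACH Transfer rejected",
    body="The ACH transfer (ID: 0000000000000), recently sent from your checking account "
         "(by you or any other person), was rejected by the Electronic Payments Association.",
    attachments=["report_0000000000000.pdf.exe"], links=["http://ach-transfer-report.example/report.php"])
```

Running `score_ach_lure(SAMPLE)` returns five reasons, one per fingerprint; a mail that merely mentions ACH in passing gets only the subject hit, so downstream policy should weight the body boilerplate and the double-extension attachment most heavily.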

READER COMMENTS:


Comment #1 by: lucky on 26 May 2011, 20:22 UTC

Just got an email with "The ACH transfer (ID: 3046983301554), recently sent from your checking account (by you or any other person), was canceled by the Electronic Payments Association." "Transaction Report- report_3046983301554.pdf.exe (self-extracting archive, Adobe PDF) "
Too bad I don't have a 'checking account'.
Great article


Comment #2 by: Bhanu Giri on 13 Aug 2011, 08:51 UTC

Recently I got a mail as below. Can I believe that kind of mail?


The ACH transfer (ID: 61976310204897), recently sent from your checking account (by you or any other person), was rejected by the other financial institution.


Rejected transaction
Transaction ID: 61976310204897
Rejection Reason See details in the report below
Transaction Report report_61976310204897.doc (Microsoft Word Document)



About NACHA
The NACHA Operating Rules provide the legal foundation for the exchange of ACH payments and ensure that the ACH Network remains efficient, reliable, and secure for the benefit of all participants. In its role as Network administrator, NACHA manages the rulemaking process and ensures that proposed ACH applications are consistent with the Guiding Principles of the ACH Network. The rulemaking process provides a disciplined, well-defined methodology to propose and develop and propose rules amendments to the NACHA voting membership, the decision makers for the NACHA Operating Rules.
NACHA manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data. The ACH Network serves as a safe, secure, reliable network for direct consumer, business, and government payments, and annually facilitates billions of payments such as Direct Deposit and Direct Payment.

13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

2011 NACHA - The Electronic Payments Association


Comment #3 by: Zedmaniac on 19 Sep 2011, 12:44 UTC

Over the past 3 months I have gotten similar emails from Western Union and Paypal. I have always forwarded them to spoof@paypal.com or to Western Union. My advice is to never use your internet computer for banking.

Comment #3.1 by: Wavebourn on 21 Sep 2011, 20:34 GMT

I am getting several of such messages per day. They already contain a trojan horse encoded.
Also, I don't understand how somebody can use compromised gmail accounts to spoof the source IP address. It would be a miracle. Filtering out source addresses by iptables helps reduce the number of them. They are NOT originated from a few sources. I can attach you a full list I collected during a few months, believe me it is HUGE.

Anatoliy


Comment #4 by: tom on 21 Sep 2011, 12:39 UTC

I'm tired of seeing these idiot junk emails show up in my inbox... I get several every day. What I'd like is to get my hands on the morons sending them.

Comment #4.1 by: Niek on 14 Nov 2011, 11:30 GMT

Indeed! But only cowards use this kind of scam/spam tactics; sadly enough, a lot of people that don't understand much of the internet get scammed with these things. Earlier I heard on the radio that this year 4.3 billion euro has already been stolen by simple fake banking websites with phishing.


Comment #5 by: Dali on 28 Sep 2011, 19:59 UTC

I got the same exact email.


Comment #6 by: James on 14 Oct 2011, 08:40 UTC

Thank you for the above. Got one of these things in my phishing e-mail account and sent an e-mail only to "gardner burton" querying the mail, but I didn't click or attempt to reply to his details address; I thought it could be a scam of some kind. My e-mail daemon couldn't deliver my mail to "him". I also don't do or trust online banking. James


Comment #7 by: pz on 29 Oct 2011, 08:16 UTC

This is what I got today:
Payment Notification #13454921

The ACH transaction (ID:13454921 ), recently initiated from your checking account (by you or any other person), was canceled by the other financial institution.
Rejected transaction
Transaction ID: 13454921
Reason for rejection: See details http://nacha.org/report/13454921/detailis.php?n=7090
3292 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703)561-1100 2011 NACHA - The Electronic Payment Association

The link is fake, forwarding us to a very dangerous site...


Comment #8 by: whyohwhy on 18 Nov 2011, 11:41 UTC

Do any of you use Trend Micro Internet Security? My system has never been breached before as I am always careful to run my TMIS without doing anything else. Then for the first time, I decided to run TMIS in the background and open up Outlook!!! And voila ...here is that strange unexpected email.


Comment #9 by: kms on 06 Dec 2011, 20:20 UTC

Received one this morning. What do I do? I emailed a reply to ask who they are, but did not open the link.


Comment #10 by: Wingy on 15 Dec 2011, 20:21 UTC

I received 3 today, 'Transfer', 'Rejected' and 'Suspended'. All were in my junk email in box. Thanks for the information.


Comment #11 by: Sam on 16 Dec 2011, 19:13 UTC

I'm so glad I typed ACH transfer on google, and saw this website after I got that same e-mail yesterday. I didn't click on the link though, just read the e-mail.


Comment #12 by: joe on 23 Jan 2012, 17:43 UTC

Got this in my mail
Netmaveric happy918@dia-net.ne.jp
7:52 AM (4 hours ago)

to netmaveric, netmaxis, netmeg2000, netmerrill, netmers, netmessage, netmgmtgoddess, netmich69, netmillion1, netminder123, netminder5, netminder76, netminder831, netminderppd, netmohamadnet, netmom21, netmon60852001, netmoney2use, netmoney3181, netmoneymaker, netmonk101, netmoremoney, netmstar, netmyndir, netn_tom, netname_2009
The ACH payment ID: 652453554157, that had been performed from your bank account lately, was declined by the the bank of the recipient.

ACH transaction declined
Transaction ID: 652453554157
Reason for rejection: please see the report below for details
Transaction Report report_652453554157.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

2011 NACHA - The Electronic Payments Association


Comment #13 by: Jake on 24 Jan 2012, 18:13 UTC

Excellent article. I use a separate prepaid card for occasional online transactions. I think these scammers have already hacked financial transactions at a low level. I go months without using the acct or getting the phony e-mails, and then I run several transactions in 1 day and a few days later I get these ACH e-mails. Nobody's timing is that good. I read this article before doing anything. Probably saved me a bunch of headaches, thanks.


Comment #14 by: Alamoaa on 24 Jan 2012, 18:55 UTC

I have one of these in my inbox and it gives only a trans report number and the Sunrise address. But no date, no amount and no receiver... thanks for this, it saved me...


Comment #15 by: Phaedra 7 on 26 Jan 2012, 14:56 UTC

I have just received the 2nd of these e-mails. How do I eliminate it without accessing it? I delete a lot of stuff, but am nervous about touching this item. I don't use the internet for banking, but does this sort of thing happen when one buys stuff on the internet using a credit/debit card?
Phaedra7.


Comment #16 by: andrea on 31 Jan 2012, 18:04 UTC

And it's starting again - just got one today, 1-31-12 - the domain name it claims to be from is acontractorconnect.com - and also huntyourschool.com, so beware!


Comment #17 by: sanket on 01 Feb 2012, 07:40 UTC

I am VICTIM of this attack two times!
Please help me.


Comment #18 by: Steve Medina on 17 Feb 2012, 21:32 UTC

This is literally what my fake ACH said. "If you are sure that this mail was sended to you by mistake, please forward it to your director or accounting officer."


Comment #19 by: bazza on 09 Mar 2012, 09:55 UTC

I get these constantly but do not click on them, do not need it. Apparently I have won over 20 billion dollars plus in lotteries I do not enter.


Comment #20 by: John on 23 Mar 2012, 22:53 UTC

My employer's IT group sent out a copy of a phishing request they had received (of course, they removed the links before sending it). This variant says that the ACH transfer from the person's account was successful. The excerpt below is followed by a fake virus check footer (Checked by PC Tools). One amazing thing about this phishing attempt - all the words were spelled correctly.

==========
Subject: Your Same Day ACH transfer was successfully sent



We have successfully sent the following transfer:

*********************************************
Item #: 74605876
Amount: $4,769.00
To: Kathleen Lynn
Fee: 25.00
Send on Date: 03/23/2012
Service: Same Day
*********************************************
