This time, it is branded as being from NACHA, The Electronics Payment Association. The email actually hotlinks the company’s logo from their website. By looking at the source code of the email you can see the HTML img reference. What stands out right away is not the simplicity of the email, or the fact that it randomly showed up in the inbox. What stands out is the report file that the email is linking to. It doesn’t end in a PDF. It actually ends in a .pdf.exe.
Yes the email also states that the file is a self-extracting archive, PDF. While this might be true, it is very unlikely that a company would send such a file to its customers.
At further examination of the source code, you can see that this .pdf.exe file is linking to a random .it domain. Obviously this is not NACHA and the link should not be clicked.
Phishing emails come in all shapes, sizes and forms. The trick is to be aware of suspicious emails that arrive in your email boxes. Somehow these fake emails keep bypassing spam folders.
I want to also point out something fantastic that NACHA has implemented. They were made aware of the phishing attack going around and released a news article on their website.
Fraudulent Emails Appearing to Come from NACHA
Ensure that Frontline Staff Understand Sustained and Evolving Nature of Attacks
NACHA requests that financial institutions, billers, and payment providers ensure that their frontline staff — those who interact with customers — understand the sustained and evolving nature of these attacks…. Kindly instruct customers to forward fraudulent emails they receive that appear to come from NACHA to email@example.com for analysis.
Forwarding the email NACHA’s abuse department will prompt an automated reply (which is legitimate).
Subject: Automatic reply: (phishing email subject)
First Sentence of Body: Thank you for forwarding your suspected fraudulent email to NACHA for analysis.
So with that shared. If you receive one of these phishing emails that appear to have arrived from NACHA, please forward to their abuse department. If you receive other suspicious emails and want us to take a look please get in touch.
There has been a report (by Consumerist) of Netflix Phishing emails going around as well. It is similar to the NACHA email, where a suspicious file is attached. It is very unlikely that Netflix would send their customers a zip file.