Information Security Blog

Another Great Phishing Email Example

Previously, we shared a fraudulent phishing email that used the LinkedIn brand and template. Now another one has made its way to our attention.

[Screenshot: the NACHA-branded phishing email]

This time it is branded as coming from NACHA, The Electronic Payments Association. The email hotlinks NACHA's logo directly from the organization's own website; looking at the email's source shows the HTML img reference pointing there. What stands out is neither the simplicity of the email nor the fact that it arrived unsolicited. What stands out is the "report" file the email links to. It does not end in .pdf; it ends in .pdf.exe. That is a double extension: on a default Windows configuration, Explorer hides known file extensions, so a file named report.pdf.exe is displayed as report.pdf, yet it is a program and runs as one when opened.

[Screenshot: source of the phishing email, showing the hotlinked logo and the .pdf.exe link]

The email does state that the file is a self-extracting archive (PDF). Even if that were true, a payments association is very unlikely to send its customers an executable archive to open.

On further examination of the source, the .pdf.exe link points to an unrelated .it domain. That domain is obviously not NACHA, and the link should not be clicked.
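To make those tells concrete, here is an added example (my own code, not from the original post, NACHA, or the email's author) that parses a constructed HTML email modelled on the one described, extracts its link and image references, and flags the three things we noticed: a document-looking filename whose final extension is executable, link targets whose domain does not belong to the claimed brand, and a brand logo hotlinked from the brand's real site while the links go elsewhere. The sample HTML, the hostname attacker-host.it and every function name below are assumptions for illustration; the registrable-domain helper is deliberately naive.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the post's description; not the real email.
SAMPLE_EMAIL_HTML = """
<html><body>
<img src="https://www.nacha.org/sites/default/files/logo.png" alt="NACHA">
<p>An ACH transaction initiated from your account has been rejected.
Please review the attached report:</p>
<a href="http://attacker-host.it/report/report.pdf.exe">report.pdf</a>
<p>The report is a self-extracting archive (PDF).</p>
</body></html>
"""

# Extensions that run code on Windows versus ones users expect to be harmless documents.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


class LinkExtractor(HTMLParser):
    """Collects (href, anchor text) pairs and img src values from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of (href, anchor_text)
        self.images = []       # list of img src
        self._current_href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current_href = attrs["href"]
            self._text = []
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])

    def handle_data(self, data):
        if self._current_href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current_href is not None:
            self.links.append((self._current_href, "".join(self._text).strip()))
            self._current_href = None


def filename_extensions(path):
    """All extensions of the last path component: '/x/report.pdf.exe' -> ['.pdf', '.exe']."""
    name = os.path.basename(path)
    return ["." + part.lower() for part in name.split(".")[1:]]


def registrable_domain(host):
    """Naive last-two-labels heuristic (fine for .org/.it, wrong for e.g. .co.uk)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyse_email(html, brand_domain):
    """Return a list of (finding_code, detail) for the phishing tells discussed in the post."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        exts = filename_extensions(url.path)
        # report.pdf.exe: a document extension hiding an executable one.
        if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTENSIONS and exts[-2] in DOCUMENT_EXTENSIONS:
            findings.append(("double_extension", href))
        elif exts and exts[-1] in EXECUTABLE_EXTENSIONS:
            findings.append(("executable_link", href))
        # The link lands somewhere other than the brand the mail claims to be from.
        if host and registrable_domain(host) != brand_domain:
            findings.append(("offbrand_link", host))
        # Anchor text that looks like a document but does not match the real target.
        if text and text.lower().endswith(tuple(DOCUMENT_EXTENSIONS)) \
                and not url.path.lower().endswith(text.lower()):
            findings.append(("misleading_anchor_text", f"{text} -> {href}"))
    for src in parser.images:
        host = urlparse(src).hostname or ""
        # Logo pulled straight from the brand's own site (weak on its own, telling with the above).
        if host and registrable_domain(host) == brand_domain:
            findings.append(("hotlinked_brand_image", src))
    return findings


if __name__ == "__main__":
    for code, detail in analyse_email(SAMPLE_EMAIL_HTML, "nacha.org"):
        print(f"{code:24} {detail}")
```

The hotlinked-logo finding is only meaningful in combination with the others: a genuine NACHA mailing could well load its logo from nacha.org too, but a genuine mailing would not pair it with links to an executable on an unrelated domain.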

Phishing emails come in all shapes, sizes and forms. The trick is to stay alert to suspicious emails that land in your inbox, because these fakes keep getting past spam filters.

I also want to point out something NACHA has done well. Once it was made aware of the phishing campaign, it published a news article on its website:

Fraudulent Emails Appearing to Come from NACHA

Ensure that Frontline Staff Understand Sustained and Evolving Nature of Attacks
Action Requested

NACHA requests that financial institutions, billers, and payment providers ensure that their frontline staff — those who interact with customers — understand the sustained and evolving nature of these attacks…. Kindly instruct customers to forward fraudulent emails they receive that appear to come from NACHA to abuse@nacha.org for analysis.


Forwarding the email to NACHA's abuse department prompts an automated reply (which is legitimate):

Subject: Automatic reply: (phishing email subject)

First Sentence of Body: Thank you for forwarding your suspected fraudulent email to NACHA for analysis.

So, with that shared: if you receive one of these phishing emails that appears to have come from NACHA, please forward it to their abuse department. If you receive other suspicious emails and want us to take a look, please get in touch.

Thanks,

Scott

Update

Consumerist has reported Netflix phishing emails going around as well. They work like the NACHA email, pushing the recipient toward a suspicious file, in this case a zip attachment. It is very unlikely that Netflix would send its customers a zip file.

About the Author:

Marketing at Pivot Point Security
