A brand new scam, trying to get you to download malware, has just hit the Internet. “The ACH transaction recently sent from your checking account (by you or any other person), was canceled by the Electronic Payments Association” says the spam in which it is contained. There is a link to a file that you are supposed to download to “see the details of the report”. Don’t download that file! The file name format is “report_FakeTransaction#.pdf.exe” so, for example, report_33047451352379.pdf.exe.
So far the scam mail has pretended to come from NACHA.org, although they are actually coming through an ISP in the Ukraine (ukrtel.net).
ACH, by the way, stands for Automated Clearing House, which is a system that processes electronic banking transactions.
Here are a couple of samples, along with a screenshot of how the scam mail is formatted:
The ACH transaction (ID: 33047451352379), recently sent from your checking account (by you or any other person), was canceled by the Electronic Payments Association.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Canceled transaction
Transaction ID: 33047451352379
Reason of rejection See details in the report below
Transaction Report report_33047451352379.pdf.exe (self-extracting archive, Adobe PDF)13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
2011 NACHA – The Electronic Payments Association
And…
The ACH transfer (ID: 1825889742249), recently initiated from your checking account (by you or any other person), was canceled by the Electronic Payments Association.
Canceled transaction
Transaction ID: 1825889742249
Reason of rejection See details in the report below
Transaction Report report_1825889742249.pdf.exe (self-extracting archive, Adobe PDF)
Here is a screenshot so you can see how nicely the scammers have formatted this spam, for your reading enjoyment:
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Here is how it appeared in my email. It says ‘Online Banking Account’ instead of checking.
The ACH transaction, just initiated from your online banking account, was aborted by the Electronic Payments Association.
Aborted ACH transaction
ACH Processing Case ID L273321 (All of this appeared in one of those charts.)
Amount 1388.27 US Dollars
Sender contact d.grogg@juno.com
Reason of rejection See attached word document
Please check the document given below to view more info about this issue.
Beware! This scam is making the rounds yet again.
I too have just downloaded this file!!!! What next? What shall I do?
I’m receiving these messages practically on a daily basis.
Spam Fighter software filters them out and my anti virus application identified a virus “CI.A” contained in the attachment.BTW, I never opened an attachment. Again a warning to never leave your computer unprotected
Thanks for your info.
I just recieved in my spam email, dated 9-1-2011, which I did NOT open, was this:
NACHA ACH: Payment Canceled
By doing a search on this, I know that this is a scam and malware. But, I am curious, as to how they get my email address, please? Does anyone have any feedback for me please. I really appreciate your time and help on this issue. And many, many thanks. Plus, anyone reading this. Please do NOT open this email, if you happen to get it. TYVVM! Be safe~ :-) Take care~
I did download the file and executed it. What can I do to see if it caused any harm?
@ Pierre: I too wish we could catch and punish these people. They are the lowest forms of life. Unfortunately, if they are located out of the US there’s very little our federal government can do. It’s total bunk. Thanks again for the great intel Internet Patrol! You rock!
Thank you!!!! Windows has it blocked and I trusted Windows, thank god! Thanks for this site to verify for me!
I find it odd, that after all these years, there is no industry authority, no government authority, no one, who is actively going after these evil people. There are not even any penalties in law about “willfully creating and or distributing a harmful computer file/program otherwise known as a virus”
Why?
Suitable penalties would be very simple:
Send these people back to the year 1962. That is to say they would not be able to own, lease or access technology more recent than 1962. And, of course, someone would periodically check to make sure they don’t. Of course every year that passes would allow them to come 2 years forwards in time.
It would this take them 2011-1962=49=>49/2=24.5 years to catch up to current society.
Meh! Make it an even 25 years, and then add a 5 year investigation to determine their eligibility! Would you want to be a hacker, then? Did not think so.