Hopefully more and more people are catching on, but please, do NOT believe emails like this. This email and it’s linked site is a scam, and they are hoping I will bite so they can phish my account and information. Since I don’t have a business account, then obviously (for me) this is a scam. If you do have business accounts, just contact your bank, or software company, directly. It’s worthy to note that the actual automatic deposit transaction is handled on the banking end, so if you use a payroll software to authorize paychecks, being out of date means it’s just out of date. It will still work. Your software should notify you with those annoying pop-ups when it needs some attention, not an email like this.
Sadly, most people that are reading this already know to trash these emails. It is the non-internet-savvy people that take the bait – hook, line and sinker. If you know anyone like that, please just talk to them and find out if they’re aware of emails like this. The elderly are especially susceptible.
Since this isn’t the first time I have received this email, I decided to do a bit of searching of the address listed in the email:
ACH Network Rules Department
NACHA | The Electronic Payments Association
16353 Sunrise Valley Drive, Suite 474
Herndon, VA 28727
Phone: 703-359-0738 Fax: 703-005-2904
There were a few sites discussing this email which apparently started appearing back in 2011. Possibly longer, but I didn’t read every search result. Just a few sites I’m familiar with, and that my security system approves. The info I found says the following:
ACH stands for Automated Clearing House, a federally regulated network that allows U.S. financial institutions to electronically send money back and forth. The network is governed by the National Automated Clearing House Association (NACHA) – operated by the Federal Reserve and Electronic Payments Network. (link)
I decided to post about this email was after I studied it a bit more this time and realized that it had actually been very well devised. First, this scammer is using a legitimate company’s name and to some people, that’s good enough for them. They even went so far as to provide a “From” name (firstname.lastname@example.org) that could very well be a subdomain of the NACHA site (which is legit). Anything may be entered in the “From” field… Tweedle Dee, Alice, White Rabbit…. But the actual email it was sent from shows in the email and it definitely is NOT from NACHA. In fact, the email appears to originate from Germany, although I doubt the actual scammer is there.
Secondly, the actual wording doesn’t give the typical red flags that scammers do, which are, for example, “download this software” or “use this link to fill out our official form” and so on. In fact, the email specifically says to contact your financial institution. But right before that is a link you can use to go get the details since most people would want to have the specific details on hand when they do call their bank. Who knows what lies on the other end of that link.
So, please, make sure the people you know who do not have strong email/internet knowledge know not to click any link or attachment in an email they have no idea who it’s from. The world will not stop rotating if anyone holds off opening an email or clicking a link until they’ve done more research.
In fact, I finally “trained” my housemate not to even open an email she doesn’t recognize. Let me know and I’ll check it out. She’s quite a bit older than I am and her computer/internet skills are very minimal. I have no doubt she would have clicked on this link had she received it before I gave her an email scam lecture. LOL… I even installed the same security system I use and when it detects something really bad, it will make a horribly loud, ear-piercing tone while flashing a red notification. It’s impossible to miss it (yeah, I’ve been to a few sites I shouldn’t have – by my choice – and it let me know). So if I ever hear that noise from her office followed by a scream, I’ll know what happened.