Blog

Watch those NACHA emails

December 30, 2011 by Kevin Christensen — Vice President, Audit, SHAZAM

Community banks and credit unions can make a significant dent in fraud losses by giving cardholders a heads-up where fraud is concerned. This is particularly important in the area of phishing attacks, which are coming fast and furious – and not only via phone, but also via email, and even text messages.

Recently, consumers and businesses have received emails appearing to come from NACHA – The Electronic Payments Association. According to NACHA, the attacks are now occurring with greater frequency and increased sophistication.

The emails typically make reference to an automated clearing house transfer and contain a link or attachment. Once clicked, the recipient's computer is infected with malicious code.

Unfortunately, the contents of these fraudulent emails can make them appear legitimate. Recent examples we've seen included a NACHA logo along with NACHA's mailing address and telephone number.

We've found that it is important to warn cardholders of specific threats such as this one and to give them a bit of the background. This better prepares them as fraudsters change their tactics.

For instance, be sure to explain to your cardholders that NACHA does not process or even touch the ACH transactions that flow to and from your financial institution. Nor does NACHA send communications to people or organizations about individual ACH transactions.

One other important note: think beyond your customers. Staff, too, are vulnerable – and this includes executive-level staff. Remind employees never to open attachments or click on links in suspicious or unsolicited emails from unknown parties. Specific to the NACHA emails, ask them to forward any suspicious emails appearing to come from NACHA to abuse@nacha.org for investigation.