Advisory Id: 2009-11-038 NACHA being targeted by Jabber/Zeus Trojan

We have been notified of a Phishing Alert from NACHA Member Communications. It appears that random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction".  The e-mail appears to be from NACHA - The Electronic Payments Association and indicates that there is a problem with an ACH transaction they have originated.  The e-mail includes a link which redirects the individual to a fraudulent web page which mimics the NACHA website and contains a link which is likely to include an executable virus with malware.    

NACHA HAS INFORMED US THAT THIS EMAIL DID NOT ORIGINATE FROM NACHA AND THAT THIS IS NOT THE NACHA WEBSITE.  DO NOT CLICK ON THE LINK.

Below is a sample e-mail:

= = = = = Sample E-mail = = = = = =

From: nacha.org [mailto:report@nacha.org]
Sent: Thursday, November 12, 2009 10:25 AM
To: Doe, John
Subject: Rejected ACH transaction, please review the transaction report

Dear bank account holder,

The ACH transaction, recently initiated from your bank account, was rejected by the Electronic Payments Association. Please review the transaction report by clicking the link below:

Unauthorized ACH Transaction Report  (this is the how the link is presented)

------------------------------------------------------------------

Copyright ©2009 by NACHA - The Electronic Payments Association

= = = = = = = = = = == = = =