By far the most common theme for malware emails over the last few weeks has been “interbank payment rejected” or similar. The emails refer to a cancelled or rejected interbank transaction and claim to come from one of the following:
- Electronic Payments Association
- ACH (Automated Clearing House)
- NACHA (National Automated Clearing House Association)
These are all essentially the same: NACHA is the Electronic Payments Association and manages the development, administration, and governance of the ACH Network. The malware has either been attached to the emails or, as in more recent examples, the emails have included links that lead to webpages with JavaScript-based malware.
What does any of this have to do with LinkedIn? Not much. But the latest version of the NACHA-themed emails features the subject line: “So now you’re on LinkedIn: What’s next?”. This could be:
- designed to increase the open rate among recipients who might otherwise ignore a “transaction rejected” email
- designed to fool some very primitive spam filter
- a mistake made by the email’s creator
Perhaps the malware distributor who sent this email can enlighten us.
Email text:
The ACH transaction (ID: 90343675941857), recently initiated from your bank account (by you or any other person), was canceled by the other financial institution.
Rejected transfer
Transaction ID: 90343675941857
Reason of rejection See details in the report below
Transaction Report report_90343675941857.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
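
A filter that inspects the body rather than trusting the subject line still catches this variant. The following is an added example, not code from the original post: it flags the rejected-payment theme in the body and reports when the subject does not match it. The sender address, the regular expressions, the `score_message` name and the single-part plain-text layout are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: subject line and body text as quoted in the post;
# the sender address is a placeholder.
SAMPLE = """\
From: alerts@example.invalid
Subject: So now you're on LinkedIn: What's next?
Content-Type: text/plain

The ACH transaction (ID: 90343675941857), recently initiated from your bank
account (by you or any other person), was canceled by the other financial
institution.
Transaction Report report_90343675941857.doc (Microsoft Word Document)
"""

# Names the campaign claims to come from, per the post.
PAYMENT_BRAND = re.compile(r"\b(ACH|NACHA|Electronic Payments Association)\b", re.I)
REJECTION = re.compile(r"\b(rejected|rejection|cancell?ed)\b", re.I)
# A "report" file name or a link: the two delivery methods the post describes.
REPORT_LURE = re.compile(r"\breport_\d+\.\w+\b|https?://", re.I)

def score_message(raw):
    """Return the lure indicators found in a single-part text email."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    payment_theme = bool(PAYMENT_BRAND.search(body) and REJECTION.search(body))
    subject_on_theme = bool(PAYMENT_BRAND.search(subject) or REJECTION.search(subject))
    return {
        "payment_theme": payment_theme,
        "report_lure": bool(REPORT_LURE.search(body)),
        # Body carries the payment lure but the subject talks about something else.
        "subject_mismatch": payment_theme and not subject_on_theme,
    }

if __name__ == "__main__":
    print(score_message(SAMPLE))
```
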