Be on the lookout for a sophisticated phishing scam that seems to be attacking PayPal transaction users and/or account holders. Here’s what happened to me recently…
I paid for a fundraiser this week through the charity’s online payment process using PayPal. I also have a PayPal account for business, so I used the default e-check payment rather than a credit card. I’m not sure if that last detail is what matters, but what happened is concerning…
Within two hours of my payment, I received a fake email claiming to be (and it looked very real) a payment moderator with NACHA, a legitimate e-payment association (and who are they, right? They never email people). The fraudulent email had a zipped attachment (likely viral) that was claimed to be a form for me to fill out and return to NACHA. If you ever get an email from NACHA, delete it totally. I took a screenshot, then deleted the email and everything about it from my computer, and reported the abuse to the good folks at NACHA, who know about this phishing scam and said the following in their reply, which I thought I would share.
From: Abuse <abuse@NACHA.ORG>
Date: September 7, 2011 12:08:24 PM EDT
To: Chris Gooderham
Subject: Automatic reply: Two hours After a PayPal transaction, I received this email
Thank you for forwarding your suspected fraudulent email to NACHA for analysis.
NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Your cooperation will assist in our efforts with security experts and law enforcement officials to pursue the perpetrators.
NACHA — The Electronic Payments Association