'ACH Payment xxxxx Canceled' Phishing Email Description
The 'ACH Payment xxxxx Canceled' phishing email is a computer scam that ESG security researchers initially detected in September of 2011. Computer users who received an email with the 'ACH Payment xxxxx Canceled' subject line were then taken to a malicious Internet address as part of a scam to steal their personal information. The 'xxxxx' in the 'ACH Payment xxxxx Canceled' phishing email stands for a random number, generated separately for each spam email. Despite the different numbers, all of these spam emails direct users to the same malicious website. This malicious website contains components that automatically force the victim's computer to download and install various Trojans, designed to steal personal information and allow criminals to gain access to the victim's computer system. ESG PC security researchers strongly recommend caution when opening emails from unknown sources.
Why the 'ACH Payment xxxxx Canceled' Phishing Email is Dangerous
Most computer users would think that the 'ACH Payment xxxxx Canceled' phishing email is no different from previous phishing scams. However, the 'ACH Payment xxxxx Canceled' phishing email contains an embedded link, rather than a compressed file in ".zip" format. While a .zip file attachment was easily detected and avoided, an embedded link is more difficult for inexperienced computer users to avoid. The fake link in the 'ACH Payment xxxxx Canceled' phishing email takes users to an Internet address that hosts the BlackHole exploit kit, a group of Windows exploits that is quite common among hackers. This website then uses these exploits to install Zbot on the victim's computer. Zbot is a malicious remote access tool that can allow hackers to control the infected computer system. As of the writing of this report, ESG security researchers have detected at least 200 thousand instances of the 'ACH Payment xxxxx Canceled' phishing email.
Don't Become a Victim of the 'ACH Payment xxxxx Canceled' Phishing Email
It is important to understand that no real financial institution will ever send you emails similar to the 'ACH Payment xxxxx Canceled' phishing email. Banks tend to be quite careful about handling sensitive information like account details and personal identification numbers via email. Any messages notifying you of secure transactions are usually phishing scams. The 'ACH Payment xxxxx Canceled' phishing email is no exception. ESG PC security researchers recommend using a strong anti-spam filter and educating yourself on your bank's email and Internet banking policies to avoid becoming another victim of the 'ACH Payment xxxxx Canceled' phishing email.
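The filtering advice above, as an added example that is not part of the original report: a Python check that flags a message whose subject matches 'ACH Payment xxxxx Canceled' with any number in place of 'xxxxx' and that carries an embedded link or a .zip attachment. The function name classify, the quarantine rule and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# The number in the subject is random per message, so match any run of digits.
SUBJECT_RE = re.compile(r"\bACH\s+Payment\s+\d+\s+Canceled\b", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects http(s) targets of <a href> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self.links.append(href)


def classify(raw):
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").split())  # unfold header
    collector, has_zip = LinkCollector(), False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_filename() or "").lower().endswith(".zip"):
            has_zip = True
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hit = bool(SUBJECT_RE.search(subject))
    # Quarantine the subject lure whether it carries a link or a .zip.
    return {"subject_match": hit, "links": collector.links, "zip_attachment": has_zip,
            "quarantine": hit and (bool(collector.links) or has_zip)}


# Constructed samples; example.invalid is a reserved, non-resolving domain.
LURE = ("From: alerts@example.invalid\n"
        "Subject: ACH Payment 48213 Canceled\n"
        "Content-Type: text/html; charset=utf-8\n\n"
        '<p><a href="http://example.invalid/report">View report</a></p>\n')
BENIGN = ("From: friend@example.invalid\n"
          "Subject: Lunch on Friday?\n"
          "Content-Type: text/plain\n\n"
          "Menu attached.\n")
```

Calling classify(LURE) reports the subject match and the extracted link, while classify(BENIGN) reports nothing to quarantine.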