Phishing for Trouble: At-work Email Behavior Can Affect the Bottom Line in Unexpected Ways



Even financial professionals can get snared at work by e-mails that purport to deal with routine, straightforward transactions. One instructive phishing scam, still circulating as recently as mid-2010, is reported in a blog post at the Association for Financial Professionals (AFP) entitled “Phishing Scam Exploits NACHA Name” (NACHA stands for National Automated Clearing House Association, an industry group that represents companies and organizations that process payments for banks, large retailers, and other major financial institutions in the US). Professionals in the accounting departments of major companies have been targeted with e-mails that claim to originate from NACHA, with subject lines such as “Rejected ACH Transaction” or “Your ACH transaction was rejected.”
 

Knowing that this kind of claim will provoke an immediate reaction from responsible financial professionals, the scam takes its toll when a reader clicks the e-mail's link to an “Unauthorized ACH Transaction Report.” The link does not lead to NACHA at all; it routes the victim to a fake website where malicious software lies in wait. That software includes keyloggers (programs that record all keyboard activity, and are tuned to capture login names and passwords) and Trojans (programs that “call home” to a server the attacker controls and upload files and captured keystrokes). The result can be unwanted disclosure of financial transactions, account details, electronic funds transfers, and more, to people positioned to abuse them.

Both the AFP and NACHA strenuously recommend that no one click links in e-mails that report on financial activities, and we heartily endorse this stance. The safe way to react to any such report is to go to the purported reporting institution yourself: type its website address into the browser and log into your online account there, or telephone it at a number you already have on file, and verify the claim that way. Otherwise, you leave yourself open to drive-by downloads and possible financial losses. All staff, especially financial professionals, must know about such attacks and be trained to avoid them. What better case can we make for Internet Security Awareness training?
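To make the “don't click the link” advice concrete, here is a small added example (not code from the original post or from AFP/NACHA) that does what a careful reader should do by eye: it pulls every link out of an e-mail and flags any whose host does not belong to the domain the message claims to be sent from. The sample message is constructed for illustration only; its subject line mirrors the “Rejected ACH Transaction” lure described above, but the sender address, the link text and the attacker-controlled host `ach-report-download.example` are assumptions, not real indicators from the scam.

```python
"""Flag e-mail links that point away from the institution the message claims to be from.

Added example, not part of the original post. The message below is constructed:
the subject mirrors the lure in the post, but the addresses and hosts are made up.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real NACHA or attacker artifact).
SAMPLE_EML = """\
From: NACHA <ach-notify@nacha.org>
To: ap-clerk@corp.example
Subject: Rejected ACH Transaction
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Your ACH transaction was rejected.</p>
<p>Please review the
<a href="http://ach-report-download.example/report.php?id=1234">Unauthorized ACH Transaction Report</a>.</p>
<p>Regards, <a href="https://www.nacha.org/">NACHA</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    """Crude registered-domain guess: the last two labels (nacha.org, corp.example).
    Good enough for this demo; a real tool would use the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def suspicious_links(raw_eml):
    """Return (href, anchor text) for every link whose host does not match the
    domain of the From: address. A message that claims to come from an institution
    but links somewhere else is exactly the pattern the post warns about."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    sender_domain = _registered_domain(msg["From"].addresses[0].domain)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = _LinkCollector()
    parser.feed(body.get_content())
    flagged = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if _registered_domain(host) != sender_domain:
            flagged.append((href, text))
    return flagged


if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE_EML):
        print(f"suspicious: '{text}' -> {href}")
```

Run against the constructed message, the “Unauthorized ACH Transaction Report” link is flagged because it leads to `ach-report-download.example`, while the footer link to `www.nacha.org` is not. Note the check's limits: it only catches a mismatch between the claimed sender and the link target, and a From: address is itself trivially forged, so a clean result is not proof of legitimacy. The safe response remains the one above: reach the institution through a website address or phone number you already know.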


