{"id":72487,"date":"2011-09-05T06:55:35","date_gmt":"2011-09-05T06:55:35","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72487"},"modified":"2011-09-05T06:55:35","modified_gmt":"2011-09-05T06:55:35","slug":"nacha-ach-payment-cancelled-scam","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/nacha-ach-payment-cancelled-scam\/","title":{"rendered":"NACHA &#8211; ACH Payment Cancelled Scam"},"content":{"rendered":"<p>An email purporting to be from NACHA, the Electronic Payments Association, is currently being fraudulently circulated to unsuspecting individuals and corporations. The email claims that a certain payment has been cancelled and then induces readers to download the attached ZIP file for details of said cancellation.<\/p>\n<p>The mail typically looks like:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/ACH-scamCustom.jpg\" alt=\"\" width=\"372\" height=\"400\" \/><\/p>\n<p>The attached zip file contains &#8220;report_082011-65.pdf.exe&#8221;, which has a PDF file icon. If a user tries to open the file assuming it to be a PDF file the malicious file gets executed and in turn the machine gets infected. Once the malicious file is installed it may download &#8216;Zbot&#8217; from remote servers, which steals banking information by logging keystroke.<\/p>\n<p>The file &#8220;report_082011-65.pdf.exe&#8221; is detected by <a href=\"https:\/\/www.quickheal.com\/\">Quick Heal<\/a> as <strong>TrojanDownloader.Chepvil.n<\/strong>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>An email purporting to be from NACHA, the Electronic Payments Association, is currently being fraudulently circulated to unsuspecting individuals and corporations. The email claims that a certain payment has been cancelled and then induces readers to download the attached ZIP file for details of said cancellation. The mail typically looks like: The attached zip file [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24],"tags":[22,23,25,40],"class_list":["post-72487","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","tag-email-malware","tag-fraudulent-email","tag-phishing","tag-trojan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72487"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72487"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72487\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}