Fraudulent Emails Claiming to be from NACHA


Community First Bank & Trust would like to inform our customers to be aware of fraudulent emails being sent appearing to be from NACHA, The Electronic Payments Association. 


Please visit to review the notice NACHA released on 05/17/2011.


NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators may also be exploiting email addresses recently stolen from Epsilon.


These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The contents of these fraudulent emails vary, with more recent examples including a counterfeit NACHA logo and the citation of NACHA’s physical mailing address and telephone number.


Please do not to open attachments or follow Web links in unsolicited emailsfrom unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Please forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.orgto aid in our efforts with security experts and law enforcement officials to pursue the perpetrators.


NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.


If malicious code is detected or suspected on a computer, consult with a computer security or anti-virus specialist to remove malicious code or re-install a clean image of the computer system. Always use anti-virus software and ensure that the virus signatures are automatically updated. Ensure that the computer operating systems and common software application security patches are installed and current.


Additional information and guidance on phishing is available from the Federal Deposit Insurance Corporation (FDIC).