There's a reason why online criminals keep reverting to scams that center on canceled banking transactions or credit card processing errors — they're scary and they work.
The newest incarnation of the ploy comes in the form of an email claiming to be from the Automated Clearing House Network (ACH), a financial-payment-processing firm. The fraudulent message informs recipients that their recent checking account transaction has been canceled, the security firm AppRiver wrote.
ACH processes large volumes of consumer, business and government payments for nearly 11,000 financial institutions, according to the website of NACHA, the ACH's governing body. Those transactions include company payrolls, insurance premiums, mortgage loans, tax payments and utilities, among others.
So, unless you've got vast reserves of expendable income, opening your inbox to this notification could certainly spark some fear. And that's exactly what the criminals behind the scam want.
To get to the bottom of this "rejected transaction," the email instructs victims to open an attached PDF file. Once they do that, the real trouble begins: the corrupt file bypasses anti-virus programs, hunkers down on the target computer and then "brings its friend Zeus down to the party," AppRiver wrote.
Zeus, of course, is an infamous and extremely dangerous Trojan designed to steal one-time passwords sent by banks to consumers to authenticate mobile transactions.
AppRiver added that computers infected with this ugly PDF could also become part of a botnet, which would allow the attackers "to push down further malware and siphon off information as they please."
Fortunately, there are some preventative measures to keep this vicious virus away from your computer. Never download attachments included in unsolicited emails, and, as AppRiver says, "always question alerts that claim packages couldn't be delivered, transactions have failed, your password needs to be changed, or anything that would require you to open an attachment or enter personal information in order to be viewed."
If you have legitimate concerns about a financial transaction, call your bank directly.