ACH Approval Letter Spam has been circulated. A blast of new spam emails targeting computer users and attempting to infect
them with a variant of a banking trojan has been discovered. The emails aim to achieve this by posing as ACH (Automated
Clearing House) transfer failure notifications.
The spam emails carry one of the following subject lines:
ACH Approval Letter
The recorded email addresses are:
ACH-CUSTOMS@mail.wooldridgeheatingandair.com
The Actual Email is:
The Automated Clearing House (ACH) application for your company has been processed and the payer unit number assigned is 029762. This number identifies to the Federal Reserve Bank of Cleveland the account to be debited and is required input in the “ABI ACH Payment Authorization Input Record.” It is the responsibility of the payer to use the correct payer unit
number in every transaction in which statements are paid via ACH.
You may begin paying statements via ACH. If you are a Customhouse broker who is using ACH for the first time, please contact your ABI client representative to request that your ABI records be updated to permit ACH
filing. If you are already using ACH for other importer statement transmissions, you do not need to contact your ABI client representative. If you are a new ABI importer, please contact your ABI client representative to
ensure that the appropriate ABI records are updated to permit you to transmit entry summaries, which will be filed under ACH.
If you are an importer and do not file entries directly with Customs and Border Protection, it is your responsibility to provide your payer unit number to your filer(s). This number can be used in all locations by
different filers provided the bank account number is the same.
If you have any questions, you may contact ACH Help Desk at (317) 298-1200,
extension 1098.
Sincerely,
Cindi Miller, Chief
Collections Refunds and Analysis Branch
Revenue Division
Thank You,
Kirsten Anderson
Financial Program Specialist I Office of Administration I Collections,
Refunds, and Analysis Branch I U.S. Customs and Border Protection I Phone.
The attached zip file contains the “ACH_Import_Information.exe” executable file, which is a banking trojan used to steal banking credentials from a victim (including confidential details such as username, password, credit card number etc.). By harvesting cookies and accessing other information, the criminals can extract a lot of personal information which can be used to enhance their chances of getting access to the victim’s online banking accounts.
If you come across such emails, do not open the attachments. Instead, delete them and keep your antivirus updated. Net Protector Antivirus detects the attached file as malicious file.
We recommend that users do not open such attachments from any unknown emails.