Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

So now you’re on LinkedIn: What’s next?

By far the most common theme for malware emails over the last few weeks has been “interbank payment rejected” or similar. The emails refer to a cancelled or rejected interbank transaction and are alternatively from:

These are all essentially the same: NACHA is the Electronic Payments Association and manages the development, administration, and governance of the ACH Network. The malware has either been attached to the emails or, as in more recent exmaples, has included links that lead to webpages with JavaScript-based malware.

What does any of this have to do with LinkedIn? Not much. But the latest version of the NACHA themed emails features the subject line: “So now you’re on LinkedIn: What’s next?”. This could be:

– designed to increase the open-rate for recipients who might otherwise ignore a “transaction rejected” email

– designed to fool some very primitive spam filter

– a mistake made by the email’s creator

Perhaps the malware distributor who sent this email can enlighten us.

Email text:

The ACH transaction (ID: 90343675941857), recently initiated from your bank account (by you or any other person), was canceled by the other financial institution.

Rejected transfer

Transaction ID: 90343675941857

Reason of rejection See details in the report below

Transaction Report report_90343675941857.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...