Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

So now you’re on LinkedIn: What’s next?

By far the most common theme for malware emails over the last few weeks has been “interbank payment rejected” or similar. The emails refer to a cancelled or rejected interbank transaction and are alternatively from:

These are all essentially the same: NACHA is the Electronic Payments Association and manages the development, administration, and governance of the ACH Network. The malware has either been attached to the emails or, as in more recent exmaples, has included links that lead to webpages with JavaScript-based malware.

What does any of this have to do with LinkedIn? Not much. But the latest version of the NACHA themed emails features the subject line: “So now you’re on LinkedIn: What’s next?”. This could be:

– designed to increase the open-rate for recipients who might otherwise ignore a “transaction rejected” email

– designed to fool some very primitive spam filter

– a mistake made by the email’s creator

Perhaps the malware distributor who sent this email can enlighten us.

Email text:

The ACH transaction (ID: 90343675941857), recently initiated from your bank account (by you or any other person), was canceled by the other financial institution.

Rejected transfer

Transaction ID: 90343675941857

Reason of rejection See details in the report below

Transaction Report report_90343675941857.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

You might also like

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection (also known as ATP and Defender) can provide your organization with advanced security features - keeping you protected from cybersecurity threats. With today's cybersecurity landscape, where new threats appear daily, if not...