Phishing Attack Targets Bank & Credit Union BSA Compliance Officers
As you may now know, a phishing scam targeting BSA compliance officers at credit unions and other financial institutions was reported this week by KrebsOnSecurity. The article originally singled out the attacks on credit unions but was later updated to reflect that bank BSA compliance officers were targeted as well. If you have not read the article, you should. The “Krebs” article contains an image of one of the phishing emails sent to a credit union.
What made these phishing attacks notable was that they were directed to the BSA officers of credit unions and banks by name. The phishing emails purported to be from named BSA officers at other financial institutions. The emails informed the recipient BSA officer that a suspicious transaction by one of their customers had been put on hold by the “sending” institution and asked the recipient to open an attached PDF to review the frozen transaction. The body of the PDF contained a link to a malicious website.
That the phishing emails targeted BSA officers by name has led to conjecture that the fraudsters obtained names and email addresses by accessing a federal regulatory database. As of Friday, NCUA had issued a statement that an internal review had found no breach of its BSA data.
The Financial Crimes Enforcement Network (FinCEN) posted the following message on its secure information sharing portal:

Notice: FinCEN is aware of a fraudulent email purporting to be from a financial institution regarding the 314(b) Information Sharing Program. The recipients of the email are typically other financial institutions. The body of the email contains the following language: “We've got suspicions transfer from your client, and put it on hold. According section 314(b) of the USA PATRIOT Act we have to report you about potential money laundering. Please review the attached document with details of this case.” If you receive an email with this text purporting to be from another financial institution, please disregard it.
For the past several years, NASCUS has cautioned BSA officers and examiners that the nexus between BSA/AML and cybersecurity would increasingly become an area of focus. This episode illustrates that point.
As more information becomes available, we will provide it to our members. In the meantime, it would be prudent to remind staff of best practices in handling email to guard against phishing attacks (cyber hygiene). Best practices include:
  1. Hovering over the sender name in the email to verify the actual sending address;
  2. Being alert for misspellings and grammatical errors;
  3. Verifying the sender before opening attachments or clicking on links; and
  4. Using the phone to verify that the sender is legitimate.
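Some of these checks can also be run at the mail gateway. The following is an added example, not code from NASCUS or from the reported article, that flags the three traits of this campaign on a constructed message: a Reply-To domain that differs from the displayed From domain, a PDF attachment, and the lure wording quoted in the FinCEN notice. All names, addresses and domains in the sample are fictitious.

```python
import email
from email import policy
from email.utils import parseaddr

# Lure phrases from the text quoted in the FinCEN notice, lower-cased for matching.
LURE_PHRASES = ("suspicions transfer from your client", "put it on hold",
                "section 314(b) of the usa patriot act", "review the attached document")

def sender_domain(header_value):
    """Domain part of an address header such as From or Reply-To ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    # Best practice 1: the displayed sender vs. where replies would actually go.
    from_dom, reply_dom = sender_domain(msg["From"]), sender_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    # Best practice 3: attachments; in this campaign a PDF carrying the malicious link.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            findings.append(f"PDF attachment {name!r}")
    # The lure wording itself, as quoted by FinCEN.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part else ""
    hits = [p for p in LURE_PHRASES if p in body]
    if hits:
        findings.append("lure text: " + "; ".join(hits))
    return findings
# Constructed sample resembling the reported email; all names and domains are fictitious.
SAMPLE = b"""From: "BSA Officer" <bsa.officer@example-cu.test>
Reply-To: bsa.officer@mail-relay.example.invalid
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

We've got suspicions transfer from your client, and put it on hold.
According section 314(b) of the USA PATRIOT Act we have to report you
about potential money laundering. Please review the attached document.
--b1
Content-Type: application/pdf; name="case_details.pdf"
Content-Disposition: attachment; filename="case_details.pdf"

--b1--
"""
```

Running `triage(SAMPLE)` returns three findings for the sample; a plain message with no Reply-To, no attachment and none of the lure phrases returns an empty list.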
We will keep you abreast of further developments on this issue.


Lucy Ito
President & CEO

Brian Knight
EVP & General Counsel