Credit Union BSA Officers Targeted in Phishing Scam

February 15, 2019

From Credit Union Journal – Bank Secrecy Act officers at credit unions have recently been targeted by malware-filled phishing attacks.

These executives at numerous credit unions received suspicious emails on Jan. 30, disguised as official messages sent from BSA officers at other credit unions, according to KrebsOnSecurity, a website that tracks cybersecurity issues.

Following the passage of the Patriot Act in the wake of the Sept. 11, 2001, terror attacks, all financial institutions must appoint two BSA contacts who are in charge of reporting financial transactions potentially related to money laundering. Credit unions are required to disclose those contacts to the National Credit Union Administration.

Some in the industry were concerned that the names of the BSA officers may have come from a breach at the NCUA, according to KrebsOnSecurity.

But the regulator said it has completed a review and did not find a breach.

“Upon learning of the recent spear phishing campaign targeting Bank Secrecy Act officers at credit unions, the NCUA conducted a comprehensive review of its security logs and alerts,” the NCUA said in a statement. “This review is completed, and it did not find any indication that information was compromised.”

KrebsOnSecurity also reported that other financial institutions that were not credit unions were targeted in the attack.

“FinCEN is aware of the phishing attempts and we’re examining the circumstances,” the Treasury Department said in a statement, according to KrebsOnSecurity. “There is no indication that any FinCEN systems were compromised.”

The sophisticated phishing campaign addressed each recipient by name while claiming that a member’s transfer was halted due to suspected money laundering, according to the KrebsOnSecurity report. The e-mail encouraged recipients to open an e-mail attachment to review the alleged transaction.
Grammatical errors were present in the e-mails in addition to the communications coming from email addresses not associated with the credit union, which supposedly sent them, KrebsOnSecurity said. Both are indicators of malicious phishing content.

Though the e-mail attachment was clean, it did contain a link leading to a malicious site.