US credit unions and FIs targeted by targeted phishing campaign

On January 30, 2019, Bank Secrecy Act (BSA) officers at credit unions across the US began receiving emails spoofed to make it look like they were sent by BSA officers at other credit unions.

Initially the messages were sent only to specific anti-money laundering contacts at credit unions, addressing each contact by name and claiming that a suspicious transfer from one of the recipient credit union’s customers was put on hold for suspected money laundering. The phishing emails encouraged recipients to open an attached PDF to review the suspect transaction, contained grammatical errors and were sent from email addresses not tied to the purported sending credit union.

The missives are suspicious because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions, Brian Krebs added.

However, the NCUA responded and released the following statement:

“Upon learning of the recent spear phishing campaign targeting Bank Secrecy Act officers at credit unions, the NCUA conducted a comprehensive review of its security logs and alerts. This review is completed, and it did not find any indication that information was compromised.

The most recent information available indicates the campaign extends beyond credit unions to other parts of the financial sector.

The NCUA encourages all credit union staff to be wary of suspicious emails, and credit unions may report suspicious activity to the agency. Additional information about phishing and other information security concerns is available on the agency’s Cybersecurity Resources webpage.”

The latest scam comes amid a significant rise in successful phishing attacks designed to siphon personal and financial data, as the US is entering tax season.