Tuesday, February 12, 2019

Phishing Attack Targets CU AML Officers

Krebs on Security is reporting that on January 30 a highly targeted, malware-laced phishing campaign landed in the inboxes of anti-money laundering (AML) officers at multiple credit unions.

The USA Patriot Act requires all financial institutions to appoint at least two Bank Secrecy Act (BSA) contacts responsible for reporting suspicious financial transactions that may be associated with money laundering.

These BSA contacts at credit unions are registered with the National Credit Union Administration (NCUA). This information is not publicly available.

Given the targeted nature of the spear phishing attack, some within the credit union industry speculated that NCUA may have been compromised.

However, NCUA denied the allegation. NCUA in a February 8 press release stated:
"Upon learning of the recent spear phishing campaign targeting Bank Secrecy Act officers at credit unions, the NCUA conducted a comprehensive review of its security logs and alerts. This review is completed, and it did not find any indication that information was compromised."

It appears that the spear phishing campaign has spread beyond credit unions to other financial institutions.

This does raise the question: how did these phishers obtain this non-public information about BSA officers?

2 comments:

  1. Does any other entity have this information?

  2. Yeah... FinCEN.
    ...And every single FI/Person who is registered for 314b sharing can download the full list at any time.
    Including *GASP* ...bankers...


 
