Security & Fraud

BSA Officials At FIs Targeted By Phishing Campaign

BSA

In a reported phishing campaign that began last month, Bank Secrecy Act (BSA) officials at credit unions in the U.S. are said to have been sent emails that appeared to have come from other BSA officers. The emails were reportedly only sent to certain anti-money laundering (AML) contacts, leading some to question if the National Credit Union Administration (NCUA)’s non-public data had been accessed, Krebs On Security reported.

The emails, which were sent to each contact with their names, asked the BSA officers to review a PDF file that was attached to the email to review a transaction. The outlet reported that the file “comes back clean via a scan at Virustotal.com,” however, the file’s body was said to include a link to a site that was malicious. It was not clear if any BSA officers had decided to follow the link to the site, according to the report.

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) reportedly knows about the emails. It is said to be asking financial institutions (FIs) to ignore them. And, according to the report, “multiple sources” claim that FIs beyond credit unions have received such emails.

The news comes as five federal agencies spoke in October on how credit unions, as well as community banks, can share resources to make BSA compliance streamlined and bolster AML efforts. FinCEN, NCUA, the Federal Reserve Board, the Federal Deposit Insurance Corp. (FDIC) and the Comptroller of the Currency were involved in the discussion.

In a statement at the time, the group said that collaborative arrangements generally are most suitable for banks with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing. The risk profile is bank-specific, and should be based on a risk assessment that properly considers all risk areas, including products, services, customers, entities and geographic locations.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

TRENDING RIGHT NOW