A spate of email phishing attacks has hit very specific targets in the U.S.: credit union officers responsible for monitoring money laundering activities.
Brian Krebs reports:
A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.
The USA Patriot Act, passed in the wake of the terror attacks of Sept 11, 2001, requires all financial institutions to appoint at least two Bank Secrecy Act (BSA) contacts responsible for reporting suspicious financial transactions that may be associated with money laundering. U.S. credit unions are required to register these BSA officers with the NCUA.
On the morning of Wednesday, Jan. 30, BSA officers at credit unions across the nation began receiving emails spoofed to make it look like they were sent by BSA officers at other credit unions.