Phishing Attack Targets Bank & Credit Union BSA Compliance Officers
Friday, February 22, 2019 7:40 AM

As you may now know, a phishing scam targeting BSA compliance officers at credit unions and other financial institutions was reported this week by KrebsOnSecurity. The article originally singled out the attacks on credit unions but was later updated to reflect that attacks targeted bank BSA compliance officers as well. If you have not read the article, you should. The “Krebs” article contains an image of one of the phishing emails to a credit union.

What made these phishing attacks notable was that they were directed to the BSA officers of credit unions and banks by name. The phishing emails purported to be from named BSA officers at other financial institutions. The emails informed the recipient BSA officer that a suspicious transaction by one their customers had been put on hold by the “sending” institution and asked the recipient to open an attached PDF to review the frozen transaction. The body of the PDF contained a link to a malicious website.

That the phishing emails targeted BSA officers by name has led to conjecture that the fraudsters obtained names and email addresses by accessing a federal regulatory database. As of Friday, NCUA had issued a statement stating that an internal review found no breach of its BSA data.

The Financial Crimes Enforcement Network (FinCEN) posted the following message on its secure information sharing portal (

  1. Hovering over the sender in the email to verify the sending address;
  2. Being alert for misspellings and grammatical errors;
  3. Verify sender before opening attachments and clicking on links; and
  4. Using the phone to verify the sender is legitimate.

We will keep you abreast of further developments on this issue.

Source: TCUD