Phishing Attack Targets US Anti-Money Laundering Officers

The National Credit Union Administration (NCUA) disclosed a phishing campaign targeting Bank Secrecy Act officers at US credit unions and other financial institutions. The officers were targeted because they are required to report suspicious financial transactions with the NCUA according to the USA Patriot Act. Threat actors spoofed the email addresses of the officers, claimed a suspicious transfer was put on hold, and advised them to review the attachment which contained a malicious link. The NJCCIC strongly recommends never opening attachments or using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. We recommend reviewing NCUA’s press release and Krebs on Security’s blog post for more details about this phishing campaign.