A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers.
Credit unions and banks are both required by the Bank Secrecy Act (BSA) to report potential money laundering operations and to dedicate at least two staff members to ensure compliance. The phishing emails seemed to specifically target the accounts of these BSA officers, which raises the concern that a database containing their information may have been compromised.
Emails associated with the campaign were “spoofed” to look like they were coming from BSA officers assigned to other financial institutions. The emails contained multiple spelling errors and directed recipients to open PDF attachments containing information on money laundering. Anti-virus scans showed that the attachments didn’t contain malware, but contained links to sites.
The U.S. Department of Treasury’s Financial Crimes Enforcement Network indicated that it was aware of the campaign.
Read more about the story here.