Cybersecurity Alert: AML Professionals Targeted in Phishing Attempts

February 12, 2019

On February 8, Krebs on Security reported that a number of AML compliance professionals at credit unions and other financial institutions have recently been the target of phishing emails spoofed to look like they were sent by Bank Secrecy Act (BSA) officers at other financial institutions. These emails were addressed to the recipient by name and they claimed that a suspicious transaction from the recipient's financial institution was put on hold for suspected money laundering. The recipient was asked to review an attached PDF for more information about the transaction, which contained links to a malicious site. 

ACA Guidance

This wide-spread phishing attempt is a reminder that any profession can be subject to cybersecurity attacks, including AML professionals. The following clues are common characteristics of a phishing email:
  • The email address does not seem like it is from the institution the sender claims to be a part of
  • There are typos in the body of the email
  • The URL of a link in the email or an attachment does not seem to be associated with the institution the sender claims to be a part of

If you receive an email that you suspect to be a phishing attempt, forward it to your institution's Information Technology department immediately and ask them to investigate it before you click any links or respond to the recipient.

How ACA Can Help

ACA Aponix offers the following solutions that can help your institution prevent or respond to a cyber-attack: