Cybersecurity Alert: AML Professionals Targeted in Phishing Attempts

February 12, 2019

On February 8, Krebs on Security reported that a number of AML compliance professionals at credit unions and other financial institutions have recently been the target of phishing emails spoofed to look like they were sent by Bank Secrecy Act (BSA) officers at other financial institutions. These emails were addressed to the recipient by name and they claimed that a suspicious transaction from the recipient's financial institution was put on hold for suspected money laundering. The recipient was asked to review an attached PDF for more information about the transaction, which contained links to a malicious site. 

ACA Guidance

This wide-spread phishing attempt is a reminder that any profession can be subject to cybersecurity attacks, including AML professionals. The following clues are common characteristics of a phishing email:
  • The email address does not seem like it is from the institution the sender claims to be a part of
  • There are typos in the body of the email
  • The URL of a link in the email or an attachment does not seem to be associated with the institution the sender claims to be a part of

If you receive an email that you suspect to be a phishing attempt, forward it to your institution's Information Technology department immediately and ask them to investigate it before you click any links or respond to the recipient.

How ACA Can Help

ACA Aponix offers the following solutions that can help your institution prevent or respond to a cyber-attack:

About ACA Aponix

ACA Aponix, a division of ACA Compliance Group, provides cybersecurity and technology risk assessments, vendor and M&A diligence services, network testing, and advisory services. Our team of highly experienced technologists combines expertise across the breadth of cybersecurity and information technology. Our award-winning Technology Risk Assessment is designed to address the latest requirements from regulators and boards. We offer a suite of consulting and advisory services designed to help firms uncover risks and identify deficiencies in their cybersecurity policies, procedures, and controls.

About ACA Telavance

ACA Telavance provides a range of anti-money laundering (AML) and financial crime services that is unique among its peers. As part of ACA Compliance Group, we are positioned to provide extensive advisory and technology solutions to assist financial institutions in addressing their regulatory concerns. We work closely with Chief Risk and Compliance Officers to understand their unique challenges, propose innovative solutions, and implement recommendations and best practices.

For More Information

If you have questions about this alert, please contact Mahesh Viswanathan at or your regular ACA consultant.