CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • COVID-19
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » Compliance: NCUA issues email compromise fraud risk alert
Policy & Issues

Compliance: NCUA issues email compromise fraud risk alert

August 6, 2019

NCUA issued a risk alert (19-RISK-01) this week describing the increasing frequency of, and losses related to, business email compromise fraud scheme. The alert consists of a description of the attack, how to report to law enforcement, how law enforcement generally responds and ways to prevent, report and recover from business email compromise fraud.

“Credit unions can take steps to prevent this type of fraud and should report such fraud, when it occurs, to the FBI’s Internet Crime Complaint Center,” NCUA Chairman Rodney Hood notes. “Credit unions that report incidents to the Internet Crime Complaint Center promptly increase their opportunity to recover funds that have been wired under fraudulent pretenses.”

Business email compromise occurs when a criminal uses email to impersonate a legitimate business or person in order to request or access fraudulent payments. The Internet Crime Complaint Center’s goal is to quickly identify and freeze suspicious wire transfers before funds are transferred or removed from a suspect’s account.

Credit unions can take the following steps to help prevent business email compromise fraud:

  • Never make a payment change without verifying the change with the intended recipient
  • Verify the accuracy of email addresses when checking mail on a mobile device
  • Use a two-step verification process to verify wire requests with members, and use information from previously known email addresses and phone numbers rather than what is provided in the wire transfer request
  • Require staff to investigate and verify changes to members’ personal information or business practices of the credit union’s vendors or member business accounts
  • Know the routines of members’ wire activity and contact them with any changes or concerns before sending a wire transfer
  • Verify transaction details with the recipient bank before sending a suspicious wire transfer
  • Use email spam filters to quickly identify potential fraudulent or spoofed emails
  • Create rules in the credit union’s intrusion detection system to flag emails with extensions that are similar, but different to, your credit union or members
  • Use caution posting information on social media and company websites, especially job duties/descriptions, hierarchal information, and out-of-office details
  • Implement multi-factor authentication (MFA) for corporate e-mail accounts that requires at least two pieces of information to login (something a user knows, such as a password, and something a user has, such as a dynamic PIN)

More self-protection strategies are outlined in Department of Justice’s “Best Practices for Victim Response and Reporting of Cyber Incidents.”

KEYWORDS compliance ncua
Credit Union Magazine - Winter 2020

Winter 2020

Credit Union Magazine’s Winter 2020 edition features CUNA’s 2021 lending outlook, CEO insights on adjusting to the pandemic, and board recruitment strategies.
Digital Edition •  Subscribe

Trending

  • Allowing capitalization of interest is consumer-friendly option

  • Todd Harper appointed NCUA Chairman

  • Compliance: NCUA, agencies issue FAQs on SAR, other AML requirements

Tweets by CUNA_News

Polls

Will you ask employees to receive the coronavirus vaccine?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites
  • Privacy Policy

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors