CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Jobs
  • Contact

News

Home » NCUA issues risk alert on cloud-based business email compromise
CU System

NCUA issues risk alert on cloud-based business email compromise

October 19, 2021
Scams

NCUA issued a Risk Alert (21-RISK-01) this week highlighting a recent bulletin that cybercriminals are targeting organizations that use popular cloud-based email services to conduct Business Email Compromise (BEC) scams. NCUA notes credit unions can take steps to prevent this type of fraud and should report any incidents of fraud immediately to the FBI’s Internet Crime Complaint Center and local FBI field office. 

Reporting incidents to the Internet Crime Complaint Center within 24 hours increases the chances of recovery for funds wired under fraudulent pretenses, according to NCUA. 

BEC scams are generally initiated through phishing emails designed to steal email account credentials. Cybercriminals use phishing kits that impersonate popular cloud-based email services. 

Credit unions can take the following steps to help prevent BEC fraud:

  • Enable multi-factor authentication for all email accounts.
  • Disable basic or legacy account authentication that does not support multi-factor authentication.
  • Use caution when posting information on social media and company websites, especially job duties and descriptions, hierarchal information, and out-of-office details.
  • Verify all payment changes and transactions in person or via a known telephone number.
  • Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.
  • Prohibit automatic forwarding of business email to external addresses.
  • Add an email banner to messages coming from outside your organization.
  • Prohibit legacy or unsupported email protocols, such as POP, IMAP, and SMTP1, that can be used to circumvent multi-factor authentication.
  • Ensure changes to mailbox login and settings are logged and retained for at least 90 days.
  • Enable alerts for suspicious activity, such as foreign logins.
  • Enable security features that block malicious email, such as anti-phishing and anti-spoofing policies.
  • Implement email authentication technologies such as Domain-based Message Authentication Reporting and Conformance policies to prevent spoofing and validate incoming email.

KEYWORDS NCUA
Credit Union Magazine: Winter 2022

Winter 2022

Credit Union Magazine’s Winter 2022 issue highlights data-driven marketing, the board’s role in cybersecurity, elder abuse scams, credit unions’ auto lending advantage, and more.
Digital Edition •  Subscribe

Trending

  • Reps introduce bipartisan Credit Union Board Modernization Act

  • Compliance: Experts analyze NCUA’s 2023 supervisory priorities

  • CFPB must convene SBREFA panel for credit card fee rulemaking

Tweets by CUNA_News

Polls

How do you feel about the economy in 2023?

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2023 Credit Union National Association | ADA Compliance Notice & Legal
Email Us