NCUA issued a Risk Alert (22-RISK-01) on the heighted risk of social engineering and phishing attacks that comes with the conflict in Ukraine. According to NCUA, there are raised concerns over potential cyberattacks in the U.S., including against the financial sector.
“All credit unions and vendors, regardless of size, are potential targets for cyberattacks, like social engineering and phishing attacks, and must remain vigilant,” the alert reads, adding that credit unions should report any cyber incidents to NCUA, the local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency.
Phishing is a technique that uses email or malicious websites to solicit personal information or to get victims to download malicious software by posing as a trustworthy entity. Another variant of phishing, known as smishing, uses text messaging applications to get victims to click on malicious links
NCUA recently created the Automated Cybersecurity Evaluation Toolbox (ACET) for federally insured credit unions to use when evaluating their levels of cybersecurity preparedness. ACET is a downloadable, standalone app developed to be a holistic cybersecurity resource for credit unions.