Heightened Risk of Social Engineering and Phishing Attacks

In a risk alert to federally insured credit unions, the National Credit Union Administration (NCUA) indicated that the ongoing conflict in Ukraine has raised concerns about potential cyberattacks in the U.S., including those against the financial services sector. Therefore, the NCUA is cautioning all credit unions (regardless of size) – as well as vendors serving credit unions – to remain vigilant as potential targets of cyberattacks, like social engineering and phishing attacks. The NCUA further reminds credit unions to reiterate the continued importance of educating credit union employees and members on how to avoid these threats.
The alert directs credit unions to report any cyber incidents to the NCUA, the credit union’s local FBI field office or the Internet Crime Complaint Center, and the Cybersecurity and Infrastructure Security Agency.
In addition, the alert defines phishing and other malicious attempts as techniques to solicit personal information or to get victims to download malicious software by posing as a trustworthy entity. The alert also defines another variant of phishing, known as “smishing,” that uses SMS or other text messaging applications to get victims to click on malicious links, with goals similar to those of email phishing.
The alert further outlines the common indicators of phishing attempts and how to avoid being a victim.
The NCUA also encourages credit unions to review the Cybersecurity and Infrastructure Security Agency’s Shields-Up website, which provides information about cybersecurity threats, including several resources and mitigation strategies.
As a reminder, the NCUA recently created the Automated Cybersecurity Evaluation Toolbox, or ACET, for federally insured credit unions to use when evaluating their levels of cybersecurity preparedness. The ACET is a downloadable, standalone app developed to be a holistic cybersecurity resource for your credit union. ACET incorporates appropriate standards and practices established for financial institutions and across the cybersecurity discipline, like the Federal Financial Institutions Examination Council’s IT Examination Handbooks and the National Institute of Standards and Technology’s Cybersecurity Framework.