We know that criminals are getting smarter and smarter and the newest hacker attempt proves just that.
An attack vector was reported to us this week from several of our customers whereby a hacker is sending 314(b) information requests with an infected attachment to BSA officers. The message looks something like this:
My name is Elaine Kirk and I'm BSA/AML officer at Interra Credit Union.
We've got suspicions transfer from your client, and put it on hold.
According section 314(b) of the USA PATRIOT Act we have to report you about potential money laundering.
Please review the attached document with details of this case.
BSA-AML Compliance Officer
Interra Credit Union
The grammar police are throwing up major red flags, but this new attack vector shows something even scarier than just bad grammar: a level of sophistication similar to what bank customers and credit union members are already receiving with business email compromise (BEC) and email account compromise (EAC) phishing emails, but now aimed at BSA/AML professionals. The hackers have determined a vulnerable workflow within financial institutions where we want to stop the bad guys by sharing information. Someone studied how we work to safeguard the United States financial system and is using that information for nefarious goals.