August 06, 2019

NCUA flags rise in email fraud

scamsThe NCUA sent a risk alert to credit unions Monday, warning the industry of the rise in business email compromise (BEC) fraud schemes and potential related losses. Regulators are targeting this type of fraud, which recent data from the Financial Crimes Enforcement Network (FinCEN) revealed that BEC scams led to more than $300 million stolen a month in 2018 – more than three times what was reported in 2016.

NAFCU recently shared with FinCEN ways to improve information sharing between government agencies, law enforcement and financial institutions to better combat Bank Secrecy Act-related issues. The agency highlighted its efforts to combat BEC scams as it released related data last month.

In its alert, the NCUA explained what BEC scams typically look like and encouraged credit unions to report such fraud to the FBI's Internet Crime Complaint Center, which created a recovery asset team last year due to the significant increase in complaints and losses.

The agency also provided tips to help credit unions prevent such fraud, which include, among others:

  • never make a payment change without verifying the change with the intended recipient;
  • verify the accuracy of email addresses when checking mail on a mobile device;
  • use a two-step verification process to verify wire requests with members, and use information from previously known email addresses and phone numbers rather than what is provided in the wire transfer request; and
  • require staff to investigate and verify changes to members' personal information or business practices of the credit union's vendors or member business accounts.

See the full list of tips in the risk alert here. NAFCU has cybersecurity compliance resources available online – including its most recent BSA Blast, which details FinCEN's BEC efforts. A webinar available on-demand also details how to identify cybersecurity risks and vulnerabilities.