Banking Exchange Magazine Logo

Hack Attempts: BSA Officers Are Not immune

Criminals are getting smarter and smarter and the newest hacker attempt just proves that

  • |
  • Written by  John Meyer, Chief Strategy Officer of Abrigo
  • |
  • Comments:   DISQUS_COMMENTS
Hack Attempts: BSA Officers Are Not immune

We know that criminals are getting smarter and smarter and the newest hacker attempt just proves that.

An attack vector was reported to us this week from several of our customers whereby a hacker is sending 314(b) information requests with an infected attachment. The message looks something like this:

Hello Amy

My name is Elaine Kirk and I'm BSA/AML officer at Interra Credit Union.

We've got suspicions transfer from your client, and put it on hold.

According section 314(b) of the USA PATRIOT Act we have to report you about potential money laundering.

Please review the attached document with details of this case.


Elaine Kirk

BSA-AML Compliance Officer

Interra Credit Union

The grammar police are throwing up major red flags, but this new attack vector shows something even scarier than just bad grammar: a level of sophistication similar to what bank customers and credit union members are already receiving with business email compromise (BEC) and email account compromise (EAC) phishing emails, but now aimed at BSA/AML professionals. The hackers have determined a vulnerable workflow within financial institutions where we want to stop the bad guys by sharing information. Someone studied how we work to safeguard the United States financial system and is using that information for nefarious goals.

How can you protect your institution from these attacks? First of all, be aware that the BSA/AML profession is not immune to these sorts of incidents. Then, follow these four steps:

1. Follow your policies. These policies and procedures around email attachments and links in emails (especially from unknown sources) are in place for a reason. You open your institution up to unnecessary risks by not following these rules.

2. Spread the news. Make sure your staff knows the current phishing scams going around and are aware of what to look for, including email addresses/domains and sender/company names.

3. Pick up the phone. Do an internet search of the emailing institution (make sure they have a legitimate website!), call the main line and ask to speak with the person who emailed you. This way you can verbally verify if they sent the original email.

4. Use common sense. If even one thing seems off about the email (especially basic spelling/grammar), take a deeper look before you click or download anything. If you don’t normally expect an attachment with a specific request or task, don’t download or open the attachment. Trust your gut.

If you have received a suspected phishing email, the FBI Cyber Division is asking you to file a complaint on the IC3 website:

Thanks for what all of you do to thwart financial crime and safeguard the U.S.

John Meyer is the Chief Strategy Officer of Abrigo

back to top


About Us

Connect With Us


Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.


This webinar is brought to you by:
Vouched Logo